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To Ron Mullin, who taught me design theory 




Foreword 



The evolution of combinatorial design theory has been one of remarkable 
successes, unanticipated applications, deep connections with fundamental 
mathematics, and the desire to produce order from apparent chaos. While 
some of its celebrated successes date from the eighteenth and nineteenth cen- 
turies in the research of Euler, Kirkman, Cayley, Hamilton, Sylvester, Moore, 
and others, not until the twentieth century did the study of combinatorial 
designs emerge as an academic subject in its own right. When Fisher and his 
colleagues developed the mathematics of experimental design in the 1920s, 
combinatorial design theory was born as a field intimately linked to its ap- 
plications. Beginning in the 1930s, Bose and his school laid the foundations, 
embedding the nascent field firmly as a mathematical discipline by develop- 
ing deep connections with finite geometry, number theory, finite fields, and 
group theory; however, Bose accomplished much more. His foundation en- 
twined deep mathematics with its applications in experimental design and 
in recreational problems and anticipated its fundamental importance in the 
theory of error-correcting codes. 

The rapid advances in design theory can be attributed in large degree 
to its impetus from applications in coding theory and communications and 
its continued deep interactions with geometry, algebra, and number theory. 
The last fifty years have witnessed not only the emergence of certain com- 
binatorial designs (balanced incomplete block designs, Hadamard matrices, 
pairwise balanced designs, and orthogonal arrays, for example) as central, 
but also powerful combinatorial and computational techniques for their con- 
struction. Indeed the field grew so far and so fast that its historical connection 
to applications was strained. 

Yet, in the last twenty years, combinatorial design theory has emerged 
again as a field rich in current and practical applications. The fundamental 
connections with algebra, number theory, and finite geometry remain and 
flourish. The applications in experimental design and coding theory have 
developed a breadth and depth that defy brief explanation. Yet combinato- 
rial design theory has matured into more than this through applications in 
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cryptography, optical communications, storage system design, communica- 
tion protocols, algorithm design and analysis, and wireless communications, 
to mention just a few areas. 

Combinatorial design theory is mature and widely applied today because 
it has respected and advanced its mathematical heritage while finding gen- 
uine new applications. I am honored to write this foreword for two reasons. 
Doug Stinson has for twenty-five years been the epitome of a researcher and 
expositor who has advanced combinatorial design theory as a marriage of 
mathematics and applications. But more than that, the book you hold in your 
hands presents design theory as a seamless interaction of deep mathemat- 
ics and challenging applications. By providing an accessible introduction, it 
serves as an invitation to those in applications areas to appreciate and em- 
ploy beautiful mathematics and concurrently invites mathematicians to learn 
from the applications themselves. 

In which directions will combinatorial design theory evolve in the next 
century? We cannot yet know. We can know, however, that new mathemat- 
ical truths will be found and that unanticipated applications will arise. Our 
challenge is to seek both and to know that each profits from the other. 



Phoenix, Arizona 
April, 2003 



Charles }. Colhourn 
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Overview and Goals 

Combinatorial design theory is one of the most beautiful areas of mathemat- 
ics. Design theory has its roots in recreational mathematics, but it evolved 
in the twentieth century into a full-fledged mathematical discipline with di- 
verse applications in statistics and computer science. The fundamental prob- 
lems in design theory are simple enough that they can be explained to non- 
mathematicians, yet the solutions of those problems have involved the de- 
velopment of innovative new combinatorial techniques as well as ingenious 
applications of methods from other areas of mathematics such as algebra and 
number theory. Many classical problems remain unsolved to this day as well. 

This book is intended primarily to be a textbook for study at the senior 
undergraduate or beginning graduate level. Courses in mathematics or com- 
puter science can be based on this book. Regardless of the audience, how- 
ever, it requires a certain amount of "mathematical maturity" to study design 
theory. The main technical prerequisites are some familiarity with basic ab- 
stract algebra (group theory, in particular), linear algebra (matrices and vec- 
tor spaces), and some number-theoretic fundamentals (e.g., modular arith- 
metic and congruences). 



Topic Coverage and Organization 

The first seven chapters of this book provide a thorough treatment of the 
classical core of the subject of combinatorial designs. These chapters concern 
symmetric BIBDs, difference sets, Hadamard matrices, resolvable BIBDs, 
Latin squares, and pairwise balanced designs. A one-semester course can 
cover most of this material. For example, when I have taught courses on 
designs, I have based my lectures on material selected from the following 
chapters and sections: 
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• Chapter 1: Sections 1.1-1. 3, Section 1.4 (optional). Sections 1.5-1 .6 

• Chapter 2: Sections 2. 1-2.4 

• Chapter 3: Sections 3. 1-3.4 

• Chapter 4: Sections 4. 1-4.4, Section 4.5 (optional). Section 4.6 

• Chapter 5: Sections 5. 1-5.2, Section 5.3 (optional) 

• Chapter 6: Sections 6.1, Section 6.2 (optional). Sections 6. 3-6. 8 

• Chapter 7: Sections 7. 1-7.3 

There are many variations possible, of course. Typically, I would provide a 
complete proof of the Bruck-Ryser-Chowla Theorem or the Multiplier Theo- 
rem, but not both. It is possible to omit Wilson's Construction for MOLS in 
order to spend more time on pairwise balanced designs. Another option is to 
include the optional Section 6.2 and omit some of the material in Chapter 7. 
Yet another possibility is to present an introduction to f-designs (incorporat- 
ing some material from Chapter 9, Sections 9.1 and 9.2) and delete some of 
the optional sections listed above. 

More advanced or specialized material is covered in the last four chapters 
as well as in some later sections of the first seven chapters. The main topics 
in the last four chapters are minimal pairwise balanced designs, f-designs, 
orthogonal arrays and codes, and four selected applications of designs (in 
the last chapter). 

Key Features 

There are several features of this book that will make it useful as a textbook. 
Complete, carefully written proofs of most major results are given. There are 
many examples provided throughout in order to illustrate the definitions, 
concepts, and theorems. Numerous and varied exercises are provided at the 
end of each chapter. As well, certain mathematical threads flow through this 
book: 

• The linear algebraic method of proving Fisher's Inequality reappears sev- 
eral times. 

• The theme of Boolean functions is introduced in the study of bent func- 
tions and revisited in the discussion of Reed-Muller codes and a brief 
treatment of resilient functions. 

• The use of permutation groups as a construction technique is pervasive. 

• Elegant combinatorial arguments are used in many places in preference 
to alternative proofs that employ heavier mathematical machinery. 

• Finite fields are used throughout the book. For this reason, some back- 
ground material on finite fields is summarized in an Appendix. Flowever, 
another option for an instructor is to specialize constructions utilizing fi- 
nite fields Wq to the more familiar fields where p is a prime. 

As mentioned earlier, there are a variety of advanced or specialized topics 
that are discussed in the book. Flighlights include the following: 
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• regular Hadamard matrices and excess of Hadamard matrices; 

• bent functions; 

• bounds and constructions for minimal pairwise balanced designs; 

• the Ryser- Woodall Theorem; 

• constructions and bounds for f-wise balanced designs, including a proof 
of the Kramer Conjecture; 

• a survey of the combinatorial connections between orthogonal arrays, 
codes, and designs; 

• constructions and bounds for various classes of optimal codes and or- 
thogonal arrays; 

• Reed-Muller codes; 

• resilient functions; 

• four selected applications of designs: authentication codes, threshold 
schemes, group testing, and two-point sampling. 

It must be recognized that design theory is an enormous subject, and any 
choice of optional material in a 300 page book is dependent on the whim 
of the author! Thus there are many interesting or important areas of design 
theory that are not discussed in the book. I hope, however, that readers of the 
book will find a fascinating mix of topics that serve to illustrate the breadth 
and beauty of design theory. 

Audience 

As mentioned above, this book is primarily intended to be a textbook. In ad- 
dition, all of the material in this book is suitable for self-study by graduate 
students, who will find it provides helpful background information concern- 
ing research topics in design theory. Researchers may also find that some of 
the sections on advanced topics provide a useful reference for material that 
is not easily accessible in textbook form. 
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Introduction to Balanced Incomplete Block 
Designs 



1.1 What Is Design Theory? 

Combinatorial design theory concerns questions about whether it is possible 
to arrange elements of a finite set into subsets so that certain "balance" prop- 
erties are satisfied. Types of designs that we will discuss include balanced 
incomplete block designs, f-designs, pairwise balanced designs, orthogonal 
Latin squares, and many more. Many of the fundamental questions are ex- 
istence questions: Does a design of a specified type exist? Modern design 
theory includes many existence results as well as nonexistence results. How- 
ever, there remain many open problems concerning the existence of certain 
types of designs. 

Design theory has its roots in recreational mathematics. Many types of 
designs that are studied today were first considered in the context of math- 
ematical puzzles or brain-teasers in the eighteenth and nineteenth centuries. 
The study of design theory as a mathematical discipline really began in the 
twentieth century due to applications in the design and analysis of statistical 
experiments. Designs have many other applications as well, such as tourna- 
ment scheduling, lotteries, mathematical biology, algorithm design and anal- 
ysis, networking, group testing, and cryptography. 

This work will provide a mathematical treatment of the most important 
"classical" results in design theory. This roughly covers the period from 1940 
to 1980. In addition, we cover some selected recent topics in design theory 
that have applications in other areas, such as bent functions and resilient 
functions. 

Design theory makes use of tools from linear algebra, groups, rings and 
fields, and number theory, as well as combinatorics. The basic concepts of 
design theory are quite simple, but the mathematics used to study designs is 
varied, rich, and ingenious. 




2 1 Introduction to Balanced Incomplete Block Designs 

1.2 Basic Definitions and Properties 

Definition 1.1. A design is a pair ( X,A ) such that the folloiving properties are 
satisfied: 

1. X is a set of elements called points, and 

2. A is a collection (i.e., multiset) of nonempty subsets ofX called blocks. 

If two blocks in a design are identical, they are said to be repeated blocks. 
This is why we refer to hi as a multiset of blocks rather than a set. A design is 
said to be a simple design if it does not contain repeated blocks. 

If we want to list the elements in a multiset (with their multiplicities), we 
will use the notation [ ] . If all elements of a multiset have multiplicity one, 
then the multiset is a set. For example, we have that [1,2,5] = {1,2,5}, but 
[1,2, 5,2] {1,2,5, 2} = {1,2,5}. The order of the elements in a multiset is 

irrelevant, as with a set. 

Balanced incomplete block designs are probably the most-studied type 
of design. The study of balanced incomplete block designs was begun in the 
1930s by Fisher and Yates. Flere is a definition: 

Definition 1.2. Let v, k, and A be positive integers such that v > k > 2. A (v, k, A)- 
balanced incomplete block design (ivhich we abbreviate to {v,k, A)-BIBD) is a 
design (X, hi) such that the folloiving properties are satisfied: 

1. \X\ = v, 

2. each block contains exactly k points, and 

3. every pair of distinct points is contained in exactly A blocks. 

Property 3 in the definition above is the "balance" property. A BIBD is 
called an incomplete block design because k < v, and hence all its blocks are 
incomplete blocks. 

A BIBD may possibly contain repeated blocks if A > 1. The use of the 
letter “v" to denote the number of points is an artifact of the original motiva- 
tion for studying BIBDs, namely to facilitate the design of agricultural exper- 
iments. "v" was an abbreviation for "varieties", as in "varieties of wheat". 

We give a few examples of BIBDs now. To save space, we write blocks in 
the form abc rather than {a,b,c}. 

Example 1.3. A (7, 3, 1)-BIBD. 

X = {1,2, 3, 4, 5, 6, 7}, and 
A = {123,145,167,246,257,347,356}. 



This BIBD has a nice diagrammatic representation; see Figure 1.1. The blocks 
of the BIBD are the six lines and the circle in this diagram. @ 
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Example 1.4. A (9,3,1)-BIBD. 

X = {1,2, 3, 4, 5, 6, 7, 8, 9}, and 

A = {123, 456, 789, 147, 258, 369, 159, 267, 348, 168, 249, 357} . 

This BIBD can also be presented diagrammatically; see Figure 1.2. The 12 
blocks of the BIBD are depicted as eight lines and four triangles. Observe 
that the blocks can be separated into four sets of three, where each of these 
four sets covers every point in the BIBD. I 

Example 1.5. A (10,4,2)-BIBD. 

X = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9}, and 

A = {0123,0145,0246,0378,0579,0689,1278,1369,1479,1568, 

2359, 2489, 2567, 3458, 3467} . 

I 

Example 1.6. Let A consist of all k-subsets of X. Then (X,A) is a (v,k, 

BIBD. I 

Example 1.7. A (7,3, 2)-BIBD containing a repeated block. 

X = {0,1, 2, 3, 4, 5, 6}, and 

.4 = [123, 145, 167, 246, 257, 347, 356, 

123, 147, 156, 245, 267, 346, 357] . 



I 
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Fig. 1.2. A (9,3,1)-BIBD 



We now state and prove two basic properties of BIBDs. 

Theorem 1.8. In a (v,k, A)-BIBD, every point occurs in exactly 

A(»-l) 

r = — ; - 

k — 1 

blocks. 

Proof. Let (X,A) be a (v,k, A)-BIBD. Suppose x € X, and let r x denote the 
number of blocks containing x. Define a set 

I = {(y, A) : y e X,y f x, A e A, {x,y} C A}. 

We will compute 1 1 \ in two different ways. 

First, there are v — 1 ways to choose y € X such that y f x. For each such 
y, there are A blocks A such that { x, y } C A. Flence, 

|J| = A(^-l). 

On the other hand, there are r x ways to choose a block A such that x £ A. 
For each choice of A, there are k—1 ways to choose y € A,y x. Flence, 

\I\=r x (k-l). 

Combining these two equations, we see that 

AO-1) =r x (k- 1). 

Flence r x = A(o — l)/(k — 1) is independent of x, and the result follows. □ 
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The value r is often called the replication number of the BIBD. 

Theorem 1.9. A (v,k, A)-BIBD has exactly 

, vr A(v 2 — v) 

T = k 2 -k 

blocks. 

Proof. Let (X,A) be a (v,k, A)-BIBD, and let b = | A |. Define a set 

I = {(x, A) : x £ X, A £ A,x £ A}. 

We will compute |t| in two different ways. 

First, there are v ways to choose x £ X. For each such x, there are r blocks 
A such that x € A. Flence, 

\I\ = vr. 

On the other hand, there are b ways to choose a block A £ A. For each choice 
of A, there are k ways to choose x £ A. Flence, 

\I\ = bk. 

Combining these two equations, we see that 

bk = vr, 

as desired. □ 

Sometimes we will use the notation (v, b,r,k, A)-BIBD if we want to 
record the values of all five parameters. 

Since b and r must be integers, these two theorems allow us to conclude 
that BIBDs with certain parameter sets do not exist. We state the following 
obvious corollary of Theorems 1.8 and 1.9. 

Corollary 1.10. If a (v,k, A)-BIBD exists, then A(v — 1) = 0 (mod k — 1) and 
Av{v — 1) = 0 (mod k(k - 1)). 

For example, an (8,3, 1)-BIBD does not exist because A(v — 1) = 7 ^ 
0 (mod 2). As another example, let us consider the parameter set (19,4, 1). 
Flere, we see that Av(v — 1) = 342 ^ 0 (mod 12). Flence a (19,4, 1)-BIBD 
cannot exist. 

A more general use of Corollary 1.10 is to determine necessary conditions 
for families of BIBDs with fixed values of k and A. For example, it is not hard 
to show that a (v,3, 1)-BIBD exists only if v = 1, 3 (mod 6). 

One of the main goals of combinatorial design theory is to determine nec- 
essary and sufficient conditions for the existence of a (v,k, A)-BIBD. This is a 
very difficult problem in general, and there are many parameter sets where 
the answer is not yet known. For example, it is currently unknown if there 
exists a (22,8,4)-BIBD (such a BIBD would have r = 12 and b = 33). On the 
other hand, there are many known constructions for infinite classes of BIBDs 
as well as some other necessary conditions that we will discuss a bit later. 
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1.3 Incidence Matrices 

It is often convenient to represent a BIBD by means of an incidence matrix. 
This is especially useful for computer programs. We give the definition of an 
incidence matrix now. 

Definition 1.11. Let (X, A) be a design where X = {x\, . . . ,x v } and A = 
{Ai , . . . , Ah}. The incidence matrix of (X, A) is the v x b 0 — 1 matrix M = 
(m^j) defined by the rule 

_ r i ifxi € Aj 
V \ 0 ifxi f Aj. 

The incidence matrix, M, of a (v, b, r, k, Aj-BIBD satisfies the following 
properties: 

1. every column of M contains exactly k "l"s; 

2. every row of M contains exactly r "l"s; 

3. two distinct rows of M both contain "l"s in exactly A columns. 

Example 1.12. Consider the (9,3, 1)-BIBD presented in Example 1.4. The inci- 
dence matrix of this design is the following 9 x 12 matrix: 

/l 0 0 1 0 0 1 0 0 1 0 0\ 

100010010010 
100001001001 
010100001010 
M = 010010100001 . 

010001010100 

001100010001 

001010001100 

\ooiooiioooio/ 

I 

We need a few more definitions before stating the next theorem. Suppose 
I n denotes an n x n identity matrix, /„ denotes the n x n matrix in which 
every entry is a "1", and u, ; denotes the vector of length n in which every 
coordinate is a "1". Finally, for a matrix M = (»Pj), define the transpose of M, 
denoted M T , to be the matrix whose (j, i) entry is 

Theorem 1.13. Let M be av x b 0 — 1 matrix and let 2 < k < v. Then M is the 
incidence matrix of a (v, b, r,k, A)-BIBD if and only if MM T = A J v + (r — A )l v 
and u V M = kvy,. 

Proof. First, suppose (X, A) is a (v,k, A)-BIBD, where X = {x\, . . ,,x v } and 
A = { A \, . . . , Aj,}. Let M be its incidence matrix. The (z,/)-entry of MM r is 
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b 



E m i,h m j,h = 
h = 1 



r if i = / 
A if i ^ j. 



Hence, from properties 2 and 3 enumerated above, every entry on the main 
diagonal of the matrix MM T is equal to r, and every off-diagonal entry is 
equal to A, so MM T = A J v + (r — A )I V . 

Furthermore, the zth entry of u v M is equal to the number of "l"s in col- 
umn i of M. By property 1, this equals k. Hence, u V M = kvij,. 

Conversely, suppose that M is a v x b 0 — 1 matrix such that MM T = 
A J v + (r — A )I V and u- t ,M = fcuj. Let (X, A) be the design whose incidence 
matrix is M. Clearly we have |X| = v and \A\ = b. From the equation u 7 ,M = 
kuj,, it follows that every block in A contains k points. From the equation 
MM t = AJ V + (r — A )I V , it follows that every pair of points occurs in exactly 
A blocks, and every point occurs in r blocks. Hence, (X, A) is a (v, b, r, k, A)- 
BIBD. □ 



We will show that the converse part of the theorem above does not hold 
if the second condition is omitted. Incidence matrices satisfying the first con- 
dition are equivalent to a certain type of design, which we define now. 

Definition 1.14. A pairwise balanced design (or PBDj is a design (X, A) such 
that every pair of distinct points is contained in exactly A blocks, where A is a positive 
integer. Furthermore, (X, A) is a regular pairwise balanced design if every point 
x € X occurs in exactly r blocks A e A, where r is a positive integer. 

A PBD (X, A) is allowed to contain blocks of size |X| (i.e., complete blocks). If 
(X, A) consists only of complete blocks, it is said to be a trivial pairwise balanced 
design. If (X,A) contains no complete blocks, it is said to be a proper pairwise 
balanced design . 

We state the following variation of Theorem 1.13 without proof. 

Theorem 1.15. Let Mbe av xb 0 — 1 matrix. Then M is the incidence matrix of 
a regidar pairwise balanced design having v points and b blocks if and only if there 
exist positive integers r and A such that MM T = \J V + (r — A )I V . 

Here is an example to illustrate Theorem 1.15. 

Example 1.16. Consider the following 6x11 matrix: 

/ 1 0 1 1 1 0 0 0 0 0 0 \ 

10000111000 
10000000111 
01100100100 ■ 

01010010010 

yoiooiooiooi/ 

This matrix M is the incidence matrix of the following regular pairwise bal- 
anced design: 




1 Introduction to Balanced Incomplete Block Designs 



X = {1,2,3,4,5,61, and 
A = {123,456,14,15,16,24,25,26,34,35,36}. 

Here v = 6, b = 11, r = 4, and A = 1. The design is not a BIBD because the 
blocks do not all have the same size — there are two blocks of size three and 
nine blocks of size two. 

It is easily verified that MM r = ] v + 3 I v = A J v + (r — A )I V . However, 
u 6 M= (3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2), 

so ugM ^ kui, for any integer k. I 

Suppose that (X, A) is a design with |X| = v and \A\ = b. Let M be the 
v x b incidence matrix of (X, A). The design having incidence matrix M 1 
is called the dual design of (X,A). Suppose that (Y, B) is the dual design of 
(X, A); then |Y| = \A\ = b and \B\ = |X| = v. Properties of dual designs of 
BIBDs are summarized in the following theorem. 

Theorem 1.17. Suppose that (X,A) is a (v,b,r,k, A)-BIBD, and let ( Y,B ) be the 
dual design of (X, A). Then thefolloiving properties hold: 

1. every block in B has size r, 

2. every point in Y occurs in exactly k blocks in B, and 

3. any two distinct blocks B,-, Bj € B intersect in exactly A points. 

Example 1.18. Suppose that (X, A) is the (9,3, 1)-BIBD presented in Example 
1.4. Then (Y, B) is the dual design of (X, A), where 

Y = {1, 2, 3, 4, 5, 6, 7, 8, 9, T, £, V }, and 
B = {147T, 158E, 169 V, 248£, 257V, 268T,348V, 359T, 367£}. 

It is easy to verify that every block in B has size four, every point in Y occurs 
in exactly three blocks in B, and every pair of distinct blocks in B intersect in 
exactly one point. 1 



1.4 Isomorphisms and Automorphisms 

We begin with a definition. 

Definition 1.19. Suppose (X, A) and (Y,B) are two designs with |X| = |Y|. 
(X,A) and (Y,B) are isomorphic if there exists a bijection oc : X — > Y such 
that 

[{«(*) : x € A} : A e A] = B. 

In other zvords, ifzve rename every point x € Xby a(x), then the collection of blocks 
A is transformed into B. The bijection a is called an isomorphism. 
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Example 1.20. Here are two (7,3, l)-BIBDs, ( X,A ) and ( Y,B): 

X = {1,2, 3, 4, 5, 6, 7}, and 

.4 = {123,145,167,246,257,347,356}; 

V = {a,b,c,d,e, f,g}, and 
B = {abd, bee, cdf, deg, aef, bfg, aeg} . 

Suppose we define the bijection a as a(l) = a, a(2) = b, a(3) = d, a( 4) = c, 
a(5) = g, a( 6) = e and a(7) = f. Then, when we relabel the points in X using 
a, the blocks of A become the following: 

123 -> abd 
145 — > aeg 
167 -» aef 
246 — » bee 
257 -> bfg 
347 -> cdf 
356 — > deg. 

Thus k is an isomorphism of the two BIBDs. S 

We need to clarify how isomorphisms affect BIBDs having repeated 
blocks. Suppose that (X, A) and (Y, B) are two (v,k, A)-BIBDs, and suppose 
that k : X — » Y is an isomorphism of these two designs. Suppose further that 
(X, A) contains c copies of the block A. Then it must also be the case that 
(Y, B) contains c copies of the block {ix(x) : x £ A}. 

We can describe isomorphism of designs in terms of incidence matrices 
as follows. 

Theorem 1.21. Suppose M = and N = are both v x b incidence ma- 
trices of designs. Then the two designs are isomorphic if and only if there exists a 
permutation j of {1, . . . , v} and a permutation f of {1, . . . , b} such that 

m i,j = n y(i),p{j) 

for all 1 < i < v, 1 < j < b. 

Proof. Suppose that (X, A) and (Y, B) are designs having v x b incidence ma- 
trices M and N, respectively. Suppose that X = {x\, . . . , x v }, Y = {yi, . . . , y P }, 
A= {Ai, . . .,Aj,} r and B = 

Suppose first that (X, ^4) and ( Y, B) are isomorphic. Then, there exists a 
bijection a : X — > Y such that [{a(x) : x £ A} : A £ A] = B. For 1 < i < v, 
define 

7 (z) = j if and only if a(x ; ) = \jj. 
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Since a is a bijection of X and Y, it follows that 7 is a permutation of 

{1 , . . .,v}. 

Next, there exists a permutation j3 of {1, . . . , b} that has the property that 

{«(*) : * e Aj} = Bp {j) 

for 1 < j < b. Such a permutation exists because a is an isomorphism of 
(X,A) and (Y, B). 

Now, we have 



vi{ j = 1 4 $ X[ £ Aj 

^ y-y(i) G B W) 

^ n 7 (i),p(i) = 1 - 

Conversely, suppose we have permutations 7 and p such that m h j = 
n 7 (i),p(j) ^ or *'j‘ Define a : X — > Y by the rule 

oc(xp) = x/j if and only if 7 (t) = j. 

Then it is easily seen that 

{«(*) : x G Aj} = Bp {j) 

for 1 < j < b. Hence, a defines an isomorphism of (X, A) and (Y, B). □ 

A permutation matrix is a 0 — 1 matrix in which every row and every col- 
umn contain exactly one entry equal to "1". The following corollary of The- 
orem 1.21 provides an alternate characterization of isomorphic designs. The 
proof is left to the reader. 

Corollary 1.22. Suppose M and N are incidence matrices of two (v, b, r,k, A)- 
BIBDs. Then the tzvo BIBDs are isomorphic if and only if there exists a v x v permu- 
tation matrix, say P, and ab x b permutation matrix, say Q, such that M = PNQ. 

In general, determining whether or not two designs are isomorphic is a 
difficult computational problem. There are vl possible bijections between two 
sets of cardinality v. To show that two designs are not isomorphic, it must be 
shown that none of the v\ possible bijections constitutes an isomorphism. 
Since vl grows exponentially quickly as a function of v, it soon becomes im- 
practical to actually test every possible bijection. Fortunately, there are more 
sophisticated algorithms than testing every possibility exhaustively, and iso- 
morphism testing is practical for relatively large designs. 

Suppose (X, A) is a design. An automorphism of (X, A) is an isomorphism 
of this design with itself. In this case, the bijection a is a permutation of X such 
that 

[{a(x) : x G A] : A G A] = A. 

Of course, the identity mapping on X is always a (trivial) automorphism, but 
a design may have other, nontrivial automorphisms. 
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Example 1.23. Let (X, A) be the following (7,3, 1)-BIBD: 

X = {1,2, 3, 4, 5, 6 , 7}, and 
A = {123,145,167,246,257,347,356}. 

Suppose we define the permutation a. as follows: a(l) = 1, a(2) = 2, a(3) = 
3, a( 4) = 5, a( 5) = 4, a( 6 ) = 7, and a(7) = 6 . Then, when we relabel the 
points in X using a, the blocks of A become the following: 

123 -> 123 
145 -* 145 
167 -> 167 
246 -> 257 
257 -> 246 
347 -4 356 
356 -4 347. 

Thus oc is an automorphism of the BIBD. S 

It is often convenient to present a permutation a on a set X using the 
disjoint cycle representation. Each cycle in this representation has the form 

(x oc(x) a(a(x)) • • • ) 

for some x £ X. Eventually, we get back to x, creating a cycle. The cycles thus 
obtained are disjoint, and they have lengths that sum to |X|. The order of the 
permutation a is the least common multiple of the lengths of the cycles in the 
disjoint cycle representation. A fixed point of a is a point x such that ec{x) = x; 
note that fixed points of a correspond to cycles of length one in the disjoint 
cycle representation of a. 

The permutation a in the example above has the disjoint cycle represen- 
tation (1) (2) (3) (4 5 ) (6 7). It is a permutation of order 2 that contains three 
fixed points. 

It is easy to show that the set of all automorphisms of a BIBD (X, .4) 
forms a group under the operation of composition of permutations. This 
group is called the automorphism group of the BIBD and is denoted Aut(X, ^4). 
Aut(X, .4) is a subgroup of the symmetric group S| X | (where S v is the group 
consisting of all v\ permutations on a set of v elements). Note that a sub- 
group of S v is called a permutation group, so automorphism groups of designs 
are examples of permutation groups. 

Example 1.24. The (7, 3, 1)-BIBD (X, .4) in the previous example has another 
automorphism, /3 = (1243675). The composition 7 a o (3 is defined as 
7 (x) = /3(a(x)) for all x € X. It can be checked that 7 = (1 2 4) (3 6 5)(7). 
Thus 7 is an automorphism of the BIBD because it is the composition of two 
automorphisms . 

(X, .4) has many other automorphisms. In fact, it turns out that Aut(X, A) 
is a group of order 168. I 




12 1 Introduction to Balanced Incomplete Block Designs 

1.4.1 Constructing BIBDs with Specified Automorphisms 



In this section, we describe a method that can often be used to determine 
the existence or nonexistence of a (v,k, A)-BIBD having specified automor- 
phisms. 

Let S v denote the symmetric group on a c'-set, say X. For a positive integer 
j < v, let ('J) denote the set of all ( z j) /-subsets of X. For a subset Y C X and 
for a permutation fi £ S v , define 

m = im -x€Y}. 



Suppose that G is a subgroup of S v . Let j < v be a positive integer, and 
for A,B G (J), define A B if /3(A) = B for some f> £ G. It is not hard 

/ V\ 

to prove that is an equivalence relation on [p. The equivalence classes 
of this relation are called the j-orbits of X with respect to the group G. The 
/-orbits comprise a partition of the set (^), and /3(A) = B for some f G G if 
and only if A and B are in the same orbit of G. 

The well-known Cauchy-Frobenius-Burnside Lemma provides a method 
of computing the number of /-orbits of X. For each f G G, define 



fi x (0) 



{ag (^) :/S(A)=a| . 



We state the following lemma without proof. 

Lemma 1.25 (Cauchy-Frobenius-Burnside Lemma). The number of j-orbits of 
X with respect to the group G is exactly 



1 

W\ 



E Ml 6 ). 

peG 



Suppose that 0\,...,0 n are the /c-orbits, and V \, ... , V m are the 2-orbits 
of X with respect to the group G. We define an n x m matrix, denoted A^ 2 , 
as follows. For 1 < / < m, choose any 2-subset Yj G Vj. Then, for 1 < i < n, 
the i,j entry of A fc 2 , denoted a h j, is defined as follows: 

«/,;■ = I {A £ Or- Yj CA}|. 

It can be shown that the definition of a, j does not depend on the particular 
orbit representatives Yj that are chosen; this follows immediately from the next 
lemma. 



Lemma 1.26. Suppose that 0\, . . . , O n are the k-orbits, and V \, . . . , V m are the 2- 
orbits of X with respect to the group G. Suppose that Y , Y' G Vj for some j, and 
suppose 1 < i < n. Then 

| {A G Oi : Y C A}| = | {A G G>; : Y 1 C A}|. 
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Proof. There exists (5 £ G such that /3(Y) = Y' . For each A £ Oj such that 

Y C A, it holds that Y' C (5(A). f> is a permutation, so (5(A) 7 ^ (5(B) if 
A B. Therefore, for each A £ O, such that Y C A, we obtain a block 
A' = ( 5(A) £ 0[ such that Y' C A' , and the blocks (5(A) , where A £ Oj and 

Y C A, are all distinct. Therefore 

| {A £ Oi : Y C A}\ < \{A £ Oj : Y' C A}|. 

The inequality in the opposite direction follows by interchanging the roles 
of Y and Y', and replacing (5 by /5 _1 . Combining the two inequalities, the 
desired result is proven. □ 

Here now is the main result of this section. 

Theorem 1.27 (Kramer-Mesner Theorem). There exists a (v,k, A)-BIBD hav- 
ing G as a subgroup of its automorphism group if and only if there exists a solution 
z £ Z" to the matrix equation 



zAj.^2 — Au m , 



( 1 . 1 ) 



where z has nonnegative entries. 

Proof. We give a sketch of the proof. First, suppose that z = (z\, . . . , z n ) is a 
nonnegative integral solution to equation (1.1). Define 

n 

A=[J zA- 

i = 1 

The notation above is a multiset union; it means that A is formed by taking 
Zj copies of every block in Oj for 1 < i < n. It is easy to see that (X, A) is a 
(v,k, A)-BIBD having G as a subgroup of its automorphism group. 

Conversely, suppose that (X, A) is the desired BIBD. Then A necessarily 
must consist of a multiset union of the orbits Oj, 1 < i < n. Let z, denote 
the number of times each of the blocks of the orbit Oj occurs in A; then z = 
(zi, . . . , z n ) is a nonnegative integral solution to equation (1.1). □ 

As an additional remark, we observe that the BIBD in Theorem 1.27 is 
simple if and only if the vector z £ {0, 1}". 

Example 1.28. We use the technique described above to construct a (6,3,2)- 
BIBD having an automorphism of order 5. Suppose that a = (0 1 2 3 4) (5) 
and G = { a‘ : 0 < i < 4}. It is easy to see that there are three 2-orbits of 
X = {0, 1,2, 3,4, 5}, namely 



Vi = {01,12,23,34,40}, 

V 2 = {02,13,24,30,41}, and 
V 3 = {05,15,25,35,45}. 
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Also, there are four 3-orbits: 

Ox = {012,123,234,340,401}, 

C > 2 = {013,124,230,341,402}, 
e > 3 = {015, 125, 235, 345, 405}, and 
0 4 = {025,135,245,305,415}. 

The matrix A 3 ^ is as follows: 




The equation zA .3 2 = 2 U 3 has exactly two nonnegative integral solutions: 
z = (1, 0,0,1) and z = (0,1, 1,0). Each of these solutions yields a (6,3,2)- 
BIBD having a. as an automorphism. S 

Here is a more interesting example, in which the orbits do not all have 
the same size. 

Example 1.29. We construct a (9,3, 1)-BIBD having a certain automorphism of 
order six. Suppose that a. = (0 1 2 3 4 5 ) (6 7 8) and G = {a 1 : 0 < i < 5}. The 
permutations in G are as follows: 

a = (0 1 2 3 4 5)(6 7 8 ), 
a 2 = (0 2 4)(1 3 5)(6 8 7), 

* 3 = (0 3) (1 4) (2 5) ( 6 ) (7) ( 8 ), 
a 4 = (0 4 2)(1 5 3)(6 7 8 ), 
a 5 = (0 5 4 3 2 1)(6 8 7), and 
«° = ( 0 )( 1 )( 2 )( 3 )( 4 )( 5 )( 6 )( 7 )( 8 ). 

Lemma 1.25 can be used to compute the number of 2- and 3-orbits. First 
we consider 2-orbits. It is not hard to see that fix(a) = fix(a 2 ) = fix(a 4 ) = 
fix(a 5 ) = 0, fix(a 3 ) = 6 , and fix(a°) = ( 2 ) = 36. Therefore, the number of 
2-orbits is (36 + 6 ) /6 = 7. 

Now we turn to 3-orbits. It is not hard to check that fix(a) = fix(a 5 ) = 1, 
fix(a 2 ) = fix(« 4 ) = 3, fix(a 3 ) = 10, and fix(a°) = ( 3 ) = 84. Therefore, the 
number of 3-orbits is (84 + 10 + 2(3) + 2(l))/6 = 17. 

We leave it as an exercise for the reader to construct the A 3 2 matrix and 
solve the matrix equation. It turns out that there is a solution; the following 
(9, 3, 1)-BIBD, consisting of four of the 3-orbits, has a as an automorphism: 

orbit orbit size 

018 126 237 348 456 507 6 

036 147 258 3 

024 135 2 

678 1 
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The total number of blocks is 12, as it must be. ® 

It is, in general, a nontrivial task to construct an h/ c 2 matrix if the set X 
is even of moderate size. It is a considerably more difficult problem to find 
the desired integral solution to the matrix equation (and of course there is no 
guarantee that the sought-after solution even exists). The known algorithms 
to find nonnegative integral solutions of matrix equations have exponential 
complexity and may require enormous amounts of computing time to run to 
completion. Nevertheless, this approach to finding designs having specified 
automorphisms has been very useful in practice in discovering previously 
unknown designs. 



1.5 New BIBDs from Old 

In this section, we give two simple methods of constructing new BIBDs from 
old. The first construction can be called the "sum construction". Given two 
BIBDs on the same point set, it involves forming the collection of all the 
blocks in both designs. 

Theorem 1.30 (Sum Construction). Suppose there exists a ( v,k , Ai)-BIBD and 
a (v,k, A 2 )-BIBD Then there exists a (v,k,\i + A 2 )-BIBD. 

Corollary 1.31. Suppose there exists a (v,k, A)-BIBD. Then there exists a (v,k,s A)- 
BIBD/or all integers s > 1. 

Note that the BIBDs produced by Corollary 1.31 with s > 2 are not simple 
designs, even if the initial (v,k, A)-BIBD is simple. For A > 1, construction of 
simple BIBDs is, in general, more difficult than construction of BIBDs with 
repeated blocks. 

To illustrate an application of the sum construction, let us consider (16, 6, A)- 
BIBDs. We will see in the next section that there does not exist a (16, 6, 1)- 
BIBD. However, both a (16,6, 2)-BIBD and a (16, 6, 3)-BIBD are known to ex- 
ist. By application of the sum construction, it then follows that there exists a 
(16, 6, A)-BIBD if and only if A > 1. 

The second construction is called "block complementation". Suppose 
(X, hi) is a BIBD, and we replace every block A £ A by X\A. The result 
is again a BIBD, as stated in the following theorem. 

Theorem 1.32 (Block Complementation). Suppose there exists a ( v , b, r, k, A)- 

BIBD, where k < v — 1. Then there also exists a (v, b, b — r, v — k, b — 2r + A)- 

BIBD. 

Proof. Suppose (X, hi) is a (v, b, r, k, A) -BIBD. We will show that 



(X,{X\A : A G .4}) 
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is a BIBD. Clearly, this design has v points and b blocks, every block contains 
v — k > 2 points, and every point occurs in b — r blocks. Hence, we just need 
to show that every pair of points occurs in exactly b — 2r + A blocks. 

Let x, y € X, x f y. Define 

«i = |{A e A : x,y e A}\, 
ci2 — { A G A : x G A , y A}|, 

«3 = \{A & A : x A,y & A}\, and 

«4 = |{Aed:x,i/^A}|. 

Then it is easy to see that 



ci\ = A, 

«i + «2 = r, 
a l + a 3 — L and 
T (?3 T — b. 

These four equations may be solved easily to obtain 

^4 = b — 2r + A, 



as desired. □ 

For example, the complement of a ( 7, 3, 1 ) - B I B D is a ( 7, 4, 2 ) - B I B D, and the 
complement of a (9, 3, 1)-BIBD is a (9,6, 5)-BIBD. In view of Theorem 1.32, it 
suffices to study BIBDs with k < v/2. 



1.6 Fisher's Inequality 

We have already discussed two necessary conditions for the existence of a 
{v,k, A)-BIBD, namely Theorems 1.8 and 1.9. Another important necessary 
condition is known as "Fisher's Inequality". 

Theorem 1.33 (Fisher's Inequality). In any (v,b,r,k, A)-BIBD, b > v. 

Proof. Let ( X,A ) be a (v,b,r,k, A)-BIBD, where X = {x\, . . .,x v } and A = 
{Ai, . . ., A;,}. Let M be the incidence matrix of this BIBD, and define sy to 
be the yth row of M 1 (equivalently, s ; r is the j th column of M). Note that 
Si, . . . , Sf, are all c-dimensional vectors in the real vector space IR 1 '. 

Define S = (sy : 1 < j < b} and define S = spanfs, : 1 < j < b). S is the 
subspace of spanned by the sy's; it consists of the following vectors: 

f b 

S = < Y2 a j s j '■ ol\, . . . ,ccb eR 
U=1 
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In other words, S consists of all linear combinations of the vectors S] , . . . , Sj,. 

We will prove that S = IR r ’; i.e., the b vectors in S span the vector space 
R 1 ' . Since R r has dimension v and is spanned by a set of b vectors, it must be 
the case that b > v. 

Our task is thus to show that S = R p . For 1 < i < v, define e, € R° to 
be the vector with a "1" in the z’th coordinate and "0"s in all other coordi- 
nates. The vectors e\,...,e v form a basis for R 1 ', so every vector in R 1 ' can 
be expressed as a linear combination of these v vectors. Therefore, to show 
that S = R 1 ', it suffices to show that e, € S for 1 < i < v (i.e., that each basis 
vector e, can be expressed as a linear combination of vectors in S). 

First, we observe that 

b 

E s j = (r,...,r), (1.2) 

;=i 

from which it follows that 

E = (1 1). (1.3) 

M 



Next, fix a value z, 1 < i < v. Then we have 

E Sj = (r-A)e/ + (A,...,A). (1.4) 

{j-.XieAj} 

Since A(z; — 1) = r(k — 1) and v > k, it follows that r > A, and hence r — A ^ 0. 
Then we can combine equations (1.3) and (1.4) to obtain 



e; 



E 

{y.XieAj} 




b 



E 

7=1 



A 

r(r — A) S ^’ 



(1.5) 



Equation (1.5) gives a formula expressing e, as a linear combination of 
si, .. .,sj, as desired. □ 

Note that the conclusion of Theorem 1.33, b > v, can be stated in other, 
equivalent ways, such as r > k and A(v 1) >k 2 -k. 

As an example, consider the parameter set (16,6,1). In a (16, 6, 1)-BIBD, 
we would have r = 3, but it would then be the case that r < k, which is 
impossible. Hence, a (16, 6, 1)-BIBD does not exist. 

Theorem 1.33 can easily be generalized to regular pairwise balanced de- 
signs. We have the following. 

Theorem 1.34. In any nontrivial regular pairwise balanced design, b > v. 

Proof. By examining the proof of Theorem 1 .33, it can be seen that the fact 
that all blocks have the same size is not used in the proof. Therefore, Fisher's 
Inequality holds for regular pairwise balanced designs in which r > A. It 
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is easy to see that a regular PBD has r > A if and only if it is not a trivial 
PBD. Therefore we conclude that Fisher's Inequality is valid for all nontrivial 
regular PBDs. □ 

In fact, Fisher's Inequality holds for all nontrivial pairwise balanced de- 
signs (not just the regular ones), but a slightly different proof is required. We 
will return to this topic in Chapter 8. 



1.7 Notes and References 

Fisher's Inequality was first proven in 1940 by the famous statistician Ronald 
Fisher [45]. There are many proofs of this result; we have chosen to employ 
a linear-algebraic proof technique that will be used to prove several other 
results later in this book. 

The Kramer-Mesner Theorem was proven in 1975 in [71], It has since been 
used to find many previously unknown designs. For a nice survey of com- 
putational techniques in design theory, see Gibbons [47], 

There are several reference books and textbooks on combinatorial design 
theory. The book "Combinatorial Designs" by Wallis [115] is a fairly easy-to- 
read general introduction. Two other good introductory textbooks are "Com- 
binatorial Designs and Tournaments" by Anderson [2] and "Design Theory" 
by Lindner and Rodger [77], A more advanced book that contains a great deal 
of useful information is the two-volume work also entitled "Design Theory" 
by Beth, Jungnickel, and Lenz [9, 10]. The reader can also profitably consult 
"Design Theory" by Hughes and Piper [61] and "Combinatorics of Exper- 
imental Design" [107] by Street and Street (however, these two books are 
currently out of print). 

The "CRC Handbook of Combinatorial Designs", edited by Colbourn and 
Dinitz [27], is an enormous, encyclopedic reference work that is a valuable 
resource for researchers. This book also has an on-line Web page located at 
the following URL: http://www.emba.uvm.edu/~dinitz/hcd.html. 
"Contemporary Design Theory, A Collection of Surveys", edited by Dinitz 
and Stinson [41], is a collection of twelve surveys on various topics in design 
theory. 

Two books that explore the links between combinatorial design the- 
ory and other branches of combinatorial mathematics are "Designs, Codes, 
Graphs and Their Links" by Cameron and van Lint [20] and "Combinatorial 
Configurations: Designs, Codes, Graphs" by Tonchev [110]. 

Several "general" combinatorics textbooks contain one or more sections 
on designs. Three books that are worth consulting are "Combinatorics: Top- 
ics, Techniques, Algorithms", by Cameron [19]; "Combinatorial Theory (Sec- 
ond Edition)", by Hall [53]; and "A Course in Combinatorics (Second Edi- 
tion)", by Van Lint and Wilson [79]. 
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Much recent research on combinatorial designs can be found in the Jour- 
nal of Combinatorial Designs, which has been published by John Wiley & Sons 
since 1993. 



A *(*) = 



1.8 Exercises 

1.1 What is the value of b in a (46,6, 1)-BIBD (if it exists)? 

1.2 What is the value of r in a (65,5, 1)-BIBD? 

1.3 For all integers k and v such that 3 < k < v/2 and v < 10, determine 

the smallest integer A such that the parameter set (v, k, A) satisfies the 

necessary conditions stated in Corollary 1.10. 

1.4 For an integer k > 2, let A *{k) denote the minimum integer such that 
the conditions stated in Corollary 1.10 are satisfied for all integers v > 
k. 

(a) Compute A*(k) for k = 3,4, 5 and 6. 

(b) Prove that 

(2) if k is even 

^k(k— 1) ifk is odd. 

1.5 Let M be the incidence matrix of a ( v , b, r, k, 1)-BIBD and define N = 
M t M. Denote N = ( n^j ). Prove that 

( k if/' = j 
l 'i 1 0 or 1 if z 7^ j. 

1.6 Construct a regular pairwise balanced design on six points that con- 
tains exactly four blocks of size three. 

1.7 Give a complete proof of Theorem 1.15. 

1.8 Give a complete proof of Theorem 1.17. 

1.9 (a) Prove that no (6, 3, 2)-BIBD can contain repeated blocks. 

(b) Prove that all (6, 3, 2)-BIBDs are isomorphic. 

1.10 Give a complete proof of Corollary 1.22. 

1.11 Show that all (7, 3, l)-BIBDs are isomorphic by the following method. 
(Fill in the details of the proof.) 

(a) Without loss of generality, we can take the points to be { 1, . . . , 7}, 
and let the blocks containing the point 1 be {1, 2, 3}, { 1, 4, 5}, and 
{1,6,7}. 

(b) Find all ways to complete this structure to a (7,3, 1)-BIBD. 

(c) Then show that all the designs obtained are isomorphic. 

1.12 Find an isomorphism n of the two (9,3, l)-BIBDs ( X,A ) and ( Y,B ), 
and give a complete verification that the two BIBDs are isomorphic. 

X= {1,2,3,4,5,6,7,8,9} 

A = {123, 147, 159, 168, 258, 267, 249, 369, 348, 357, 456, 789} 

Y = {a, b, c, d,e,f ,g,h,i} 

B = {abe, acd, afi, agh,bcf ,bdg,bhi, cell, cgi, dfh, dei, efg} . 




20 



1 Introduction to Balanced Incomplete Block Designs 



Hint: Observe that if n(x) = oc, n{y) = j 6 , {x,y,z} € A, and {a, /3, 7 } G 
B, then it must be the case that 7 r(z) = 7 . 

1.13 Suppose we arrange the elements of a set X = {0, . . . , 15} in a 4 x 4 
array A as follows: 

/ 0 1 2 3\ 

4 5 6 7 
8 9 10 11 ' 

\ 12 13 14 15 

For each x, 0 < x < 15, suppose we define a block B x consisting of 
the elements in the same row or column of A as x, excluding x. Then 
define a set of blocks B = {B x : 0 < x < 15}. We are going to study the 
design (X,B). 

(a) Prove that this design is a (16,6,2)-BIBD. 

(b) Construct the incidence matrix of this BIBD. 

(c) Prove that the mapping a(x) = (x + 4) mod 16 is an automor- 
phism of this BIBD. 

(d) Prove that this BIBD has automorphisms of orders 2, 3, and 4. 

1.14 Suppose that a is an automorphism of order p of a {y, k, 1)-BIBD, where 
p is prime. Let ctf denote the number of fixed points in a. 

(a) Prove that Kf = v (mod p). 

(b) Suppose that 2 < Kf < k — 1. Prove that k > p + 2. 

(c) As a corollary, prove that a (7,3, 1)-BIBD cannot have an auto- 
morphism of order 5. 

1.15 Let G be the permutation group of order 3 on the set X = {1, . . . , 7} 
that is generated by the permutation a = (1 2 3) (4 5 6 ) (7). 

(a) Use Lemma 1.25 to compute the number of 2- and 3-orbits of X 
with respect to G. 

(b) Use Theorem 1.27 to find all (7, 3, l)-BIBDs having a as an au- 
tormorphism. 

1.16 Referring to Example 1.29, carry out the following computations. 

(a) Construct all the 2-orbits and 3-orbits. 

(b) Construct the A 3 2 matrix. 

(c) Find all solutions to the matrix equation = U 7 . 

1.17 Construct (9, 3, l)-BIBDs having the following permutations as auto- 
morphisms. 

(a) (1)(2 3 4 5 6 7 8 9). 

(b) (1)(2)(3)(4 5 6)(7 8 9). 

(c) (1)(2)(3)(4 5)(6 7)(8 9). 

1.18 (a) Constructa (7,4,2)-BIBD. 

(b) Determine the incidence matrix of this BIBD. 

(c) For the incidence matrix that you have computed, express the 
vector e 3 as a linear combination of the vectors S ] , . . . , S7 using 
(1.5). Then verify that the resulting linear combination indeed 
yields the vector ej. 
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1.19 Let Bo be a block in a ( v,k, 1)-BIBD, say (X, B). 

(a) Find a formula for the number of blocks B £ B such that |B fl 

Bo | = I- 

(b) Use your formula to show that £> > k(r — 1) + 1 if a (v,k, 1)-BIBD 
exists. 

(c) Using the facts that vr = bk and v = r(k — 1) + 1, deduce that 
(r — k) (r — 1) (k — 1) > 1, and hence r > k, which implies Fisher's 
Inequality. 

1.20 Let B 0 be a block in a (v,k, 1)-BIBD, say (X, B). Let x e X\B 0 , and show 
that there are at least k blocks that contain x and intersect B () . From this, 
deduce that r > k, which implies Fisher's Inequality. 
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Symmetric BIBDs 



2.1 An Intersection Property 

Definition 2.1. A BIBD in which b = v (or, equivalently, r = k or X(v — 1) = 
k 2 — k) is called a symmetric BIBD. (Note that this terminology does not mean that 
the incidence matrix is a symmetric matrix.) 

A simple but rather trivial family of symmetric BIBDs can be obtained 
from Example 1.6 when v = k + 1. These are symmetric (v, v — 1, v — 2)- 
Bl BDs. We will see many examples of more interesting symmetric BIBDs later 
in this and other chapters. 

In the next three chapters, we study various properties and constructions 
of symmetric BIBDs. We begin by stating and proving an important theorem 
about the intersections of blocks in a symmetric BIBD. 

Theorem 2.2. Suppose that (X,A) is a symmetric (v,k, A)-BIBD and denote A = 
{ A \ , . . .,A V }. Suppose that 1 < i,j <v,i^ j. Then \Aj C\Aj\ = A. 

Proof. We use the same notation as in the proof of Theorem 1.33 (Fisher's 
Inequality). Fix a value li, 1 < h < b. Applying equations (1.2) and (1.4), we 
have the following: 

E E s /= E ((r-A)e /+ (A A)) 

{i:XieA h } {j-.xieAj} {i:XieA h } 

= (r — A)s/j + k(A, . . . , A) 

, vtA k 

= ( r ~ A)s,j + 2_, ~~ s j- 

1 = i 

On the other hand, we can compute this double sum in a different way by 
interchanging the order of summation: 
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E E ■; = E E ■/ 

{v.XjeA,,} {j:XieAj} j = 1 {j:x ; eA,,nA ; -} 

b 

= ^ I A;, n Aj I Sy. 

;'=i 

Hence, we have that 

b \k b 

(r-A)s /i + ^— s ; - = El A ft nA ;l s r (2- 1 ) 

;=i 7=i 

Since b = v and r = k, we can rewrite equation (2.1) as 

(r - A)s,; + £ As, = £ | A h n A,|s,, (2.2) 

7=1 7=1 

In the proof of Theorem 1.33, we showed that S = ]R r ’, where 



S = | E a 7 s 7 : «i, • • • , H G R| . 

Since we are now assuming that b = v, it must be the case that S is a basis 
for IRA Since S is a basis for IR 1 ', the coefficients of any s ( on the left and right 
sides of equation (2.2) must be equal. Therefore, 



\A h n Aj\ = A 

for all j ^ h. Since h was chosen arbitrarily, it follows that \A fl A'\ = A for 
any two blocks A f A' . □ 

We observed in Theorem 1.34 that Fisher's Inequality also holds for non- 
trivial regular pairwise balanced designs. The next theorem shows that non- 
trivial regular pairwise balanced designs with b = v are, in fact, symmetric 
BIBDs. 

Theorem 2.3. Suppose that ( X , A) is a nontrivial regular pairwise balanced design 
with b = v. Then ( X,A ) is a (symmetric) ( v,k,A)-BlBD . 

Proof. We compute the sum 



E E 



1=1 {j-XieAj} 



in two ways. First, we have that 
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E E s ; = E(( r ~ A ) e ; + ( A '---' A )) 

i = 1 {j'.XjeAj} 1=1 

= (r- A + Ao)(l,...,l) 

\(v-l) + r£_ 

~ r L-, s j- 

;=i 

On the other hand, we can compute 

v b 

E E S ; = E E s ; 

i=i {j-.XieAj} j = l {j:x,eA ; } 

= El A ;l s h 

7=1 

Now, using the facts that b = v and S is a basis for IR°, it follows that 

IAI = 

for 1 < j < b. Hence, (X, A) is a (n,A:,A)-BIBD, where k = (X(v — 1) + r)/r. 

□ 

The next result is an immediate consequence of Theorems 1.17 and 2.2. 

Corollary 2.4. Suppose M is the incidence matrix of a symmetric (v,k, A)-BIBD. 
Then M T is also the incidence matrix of a (symmetric) (v,k, A)-BIBD. 

Corollary 2.4 says that the dual of a symmetric BIBD is again a symmetric 
BIBD. We note that these two BIBDs need not be identical or even isomor- 
phic. 

Here is another corollary of the results of this section. This result is a 
converse to Theorem 2.2. 

Corollary 2.5. Suppose that p is a positive integer and (X,A) is a (v, b,r,k, A)- 
BIBD such that \ A n A'\ = p for all A, A' e A. Then (X,A) is a symmetric BIBD 
and p = A. 

Proof. Theorem 1.17 ensures that the dual of (X,A) is a (b,v,k,r,p)- BIBD. 
Fisher's Inequality (for (X,A)) implies that b > v, and Fisher's Inequality 
(for the dual design) implies that v > b. Hence b = v, and then p = A follows 
from Theorem 2.2. □ 

2.2 Residual and Derived BIBDs 

Recall that Theorem 2.2 states that any two blocks of a symmetric BIBD con- 
tain A common points. This result provides another method of constructing 
new BIBDs from old. 
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Definition 2.6. Suppose that ( X,A ) is a symmetric (v,k, A)-BIBD, and let Aq g 
A. Define 

Der(X, A, A 0 ) = (A 0 , { A n A 0 : A G A, A A 0 }) 

and define 



Res(X, A, A 0 ) = (X\A 0 ,{A\A 0 : A G A, A A 0 ». 

Der(X, A, Ag) is called a derived BIBD, and Res(X, A, Ag) is called a residual 
BIBD. 

We form a derived design by deleting all the points not in a given block 
Aq and then deleting Aq. The residual design is constructed by deleting all 
points in Aq. 

It is clear that the derived and residual designs are BIBDs, provided that 
the block sizes are at least two, and at most the number of points minus one. 

Theorem 2.7. Snpposethat (X,A) isasymmetric (v,k, A)-BIBD, and let Aq g A. 
Then Der(X, A, Aq) is a ( k,v — 1 ,k — 1, A, A — 1)-BIBD provided that A > 2. 
Furthermore, Res(X, A, Ao) is a (v — k, v — l,k,k — A, A)- BIBD provided that k > 
A + 2. 

Proof. Der(X, A, Ao) is a BIBD with the stated parameters provided that k > 
A > 2 (k is the number of points in the derived design, and the blocks have 
size A). However, k > A in any symmetric BIBD because A(v — 1) = k(k — 1) 
and v > k, so this condition is superfluous. 

Res(X, A, Ao) is a BIBD with the stated parameters provided that v — k > 
k — A > 2 (v — k is the number of points in the residual design, and the blocks 
have size k — A). We now prove that v - k > k — A in a symmetric BIBD. 
Suppose that v < Ik — A; then we have k(k — 1) = A(z; — 1) < A(2k — A — 1). 
This is equivalent to (k — A) (k — A — 1) < 0. But k and A are integers, so this 
last inequality holds if and only ifk = AorA: = A + l. We are assuming that 
k > A + 2, so we have a contradiction. Therefore the condition v — k > k — A 
is superfluous. □ 

Let's consider an example: 

Example 2.8. An (11,5, 2)-BIBD is symmetric because 2(11 — 1) = 5(5 — 1). 
A residual BIBD is a (6, 3, 2)-BIBD, and a derived BIBD is a (5, 2, 1)-BIBD. 
In Figure 2.1, we have written out the 11 blocks in an (11, 5, 2) -BIBD. The 
block Ao = {1,3, 4, 5, 9}. The remaining 10 blocks are each partitioned into 
two parts, which form a (5, 2, 1)-BIBD on point set {1,3, 4, 5, 9} and a (6,3,2)- 
BIBD on point set {0,2, 6, 7, 8, 10}. I 

Suppose we write the parameters (z; — k, v — l,k,k — A, A) of a residual 
BIBD as (z/, b' , r' ,k' , A'). These parameters satisfy the numerical condition 
r' = k' + A'. A ( v , b, r,k, A)-BIBD with r = k + A is called a quasiresidual BIBD. 
A quasiresidual {v,b,r,k, A)-BIBD can be constructed as the residual BIBD 
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Fig. 2.1. Derived and Residual BIBDS of a Symmetric (11,5,2)-BIBD 



of a symmetric ( v + r, r, A)-BIBD, provided that this symmetric BIBD exists. 
(The numerical condition A(v + r — 1) = r(r — 1) necessarily holds when 
r = k + A, but this does not guarantee existence of the symmetric BIBD.) 

Similarly, we can write the parameters (k, v — l,k — 1, A, A — 1) of a de- 
rived BIBD as (v' ,b' ,r' ,k' , A'). These parameters satisfy the numerical condi- 
tion k' = A' + 1. Any ( v , b, r,k, A)-BIBD with A: = A + 1 is called a quasiderived 
BIBD. A quasiderived (v,b,r,k, A)-BIBD can be constructed as the derived 
BIBD of a symmetric (fc + l,r + l,A + l)-BIBD, provided that this symmetric 
BIBD exists. (Again, the numerical condition (A + 1 )b = r(r + 1) necessarily 
holds when k = A + 1, but this does not guarantee existence of the symmetric 
BIBD.) 

Here are a couple of examples. The parameter set (10, 15, 6,4, 2) is quasi- 
residual because 6 = 4 + 2. Therefore a (10, 15, 6,4, 2)-BIBD exists if a (sym- 
metric) (16,6,2)-BIBD exists. The parameter set (9,19,8,4,3) is quasiderived 
because 4 = 3+1. Therefore a (9, 18, 8,4, 3)-BIBD exists if a (symmetric) 
(19,9,4)-BIBD exists. Both of these symmetric BIBDs exist, so it follows from 
Theorem 2.7 that a (10, 15, 6,4, 2)-BIBD and a (9, 18, 8, 4, 3)-BIBD both exist. 

It is clear from the definitions that a residual BIBD is quasiresidual and a 
derived BIBD is quasiderived. The converse is, in general, not true. However, 
we will show in Theorem 5.10 that every quasiresidual BIBD with A = 1 is 
residual. (It is also true that any quasiresidual BIBD with A = 2 is residual, 
but this is much harder to prove.) 



2.3 Projective Planes and Geometries 

Definition 2.9. An ( n 2 + n + 1, n + 1, 1)-BIBD with n > 2is called a projective 
plane of order n. 

Observe that a (3, 2, 1)-BI BD certainly exists. For technical reasons, how- 
ever, this BIBD is not regarded as being a projective plane of order 1. Noting 
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that 1 (n 2 + n ) = (n + l)n, we see that projective planes are symmetric BIBDs. 
Therefore, from Theorem 2.2, every point occurs in n + 1 blocks and every 
pair of blocks intersects in a unique point. 

We now prove that a projective plane of order q exists whenever q is a 
prime power. Suppose q is a prime power. Let IFy be the finite field of order q , 
and let V denote the three-dimensional vector space over Hy. (To save space, 
we will write vectors (x\, x^, X 3 ) G V in the form X 1 X 2 X 3 .) 

Let Vi consist of all the one-dimensional subspaces of V, and let V 2 consist 
of all the two-dimensional subspaces of V. For each B G V 2 , define a block 

A b = {C G Vi : c C B}. 

Finally, define 

A = {A b : B G V 2 }. 

We claim that (Vi, A) is a projective plane of order q. 

First, observe that |C| = q and 000 G C for all C G Vi- The sets C\{000}, 
C G V 1 , form a partition of V\{000}. Flence, 

|Vi| = ~~T = + ^ + 1- 

q r 

Next, let B G V 2 . Clearly \B\ = q 2 . The sets C\{000} such that C G V 1 and 
C C B partition the set B\{ 000}. Flence, it follows that 

ff 2 -l 

\ a b \ = _ 1 = <7 + 1. 

q 1 

Finally, let C, D G V\, C f D. Clearly there is a unique two-dimensional sub- 
space B containing the one-dimensional subspaces C and D. This subspace 
determines the unique block Ag containing the points C and D. 

The discussion above establishes the following theorem. 

Theorem 2.10. For every prime pozver q > 2, there exists a (symmetric) (q 2 + q + 

1, ^ + 1, 1)-BIBD (i.e., a projective plane of order q). 

The (7, 3, 1)-BIBD presented in Example 1.3 is a projective plane of order 

2. We give another example of a projective plane now. 

Example 2.11. We construct a (13,4, 1)-BIBD, which is a projective plane of or- 
der 3. The construction takes place in the finite field Z 3 . The one-dimensional 
and two-dimensional subspaces of (Z 3) 3 are listed in Figure 2.2 and the 13 
blocks of the projective plane are presented in Figure 2.3. I 

The question of the existence of a projective plane of nonprime power 
order is one of the most celebrated open questions in design theory. We will 
see later in this section that projective planes of certain (nonprime power) 
orders can be proven not to exist. There is no known example at present of 
any projective plane of nonprime power order, and there are infinitely many 
orders where the existence question has not yet been answered. 
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Fig. 2.2. The One-dimensional and Two-dimensional Subspaces of (Z 3 ) 3 



a b 4 = {Ci,C 2 ,C 3 ,C 4 } 
a b 2 = {Ci,C 5 ,C 6 ,C 7 } 
a b 3 = {Q,C 8 , Cg, C10} 
a b 4 = {Ci,Cn,Ci 2 ,Ci 3 } 
a b 5 = {C 2 , C5, Cg, Cu} 
a b 6 = (C 2 , Q, Cg, C13} 

A B 7 = (c 2 , Cy, C10, Ci 2 } 
a b 8 = {C 3 ,C 5 ,C 9 ,C 12 } 

Ag, = {C 3 ,C 6 ,C 10 ,Cu} 
a b 10 = {C 3 ,C 7 ,C 8 ,C 13 } 

Ab„ = (Q, C5, C 10 , C 13 } 

A 8l2 = {C4, Cg, Cg,Ci 2 } 
a b 13 = {C4, C 7 , C 9 ,Cii}. 

Fig. 2.3. The Blocks of the Projective Plane of Order 3 



Definition 2.12. Let n > 2. An (n 2 ,n 2 + n,n + l,n, 1)-BIBD is called an affine 
plane of order n. 

It is easy to verify that the residual design of a projective plane of order n 
is an affine plane of order n. Therefore the following is an immediate conse- 
quence of Theorems 2.7 and 2.10. 

Theorem 2.13. For every prime power q > 2, there exists a ( q 2 , q, 1)-BIBD (i.e., an 
affine plane of order q). 

Note that the derived design of a projective plane has block size equal to 
one, and so it is not a BIBD. 

The projective planes we have constructed are usually denoted PG 2 (^). 
They are regarded as two-dimensional projective geometries. A straightfor- 
ward generalization to higher dimensions is given in the next theorem. 
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Theorem 2.14. Suppose q >2is a prime power and d > 2 is an integer. Then there 
exists a symmetric 



( q d+1 -l q d - 1 q d ~ l -\ 

V ‘i- 1 ' l - 1 ' 'i- 1 



-BIBD. 



Proof. Let V = (Fq) d+1 , let V\ consist of all one-dimensional subspaces of V, 
and let V,/ consist of all d-dimensional subspaces of V. Each d-dimensional 
subspace gives rise to a block, as before. □ 



Note that Theorem 2.10 is the special case d = 2 of Theorem 2.14. The 
points and blocks of the BIBD constructed in Theorem 2.14 correspond to the 
points and hyperplanes of the d-dimensional projective geometry, PG j(q). 

We can obtain residual BIBDs from the symmetric BIBDs constructed in 
Theorem 2.14. We get derived BIBDs as well when d > 2. These BIBDs have 
parameters as stated in the following Corollary. 



Corollary 2.15. Suppose q > 2 is a prime power and d > 2 is an integer. Then there 
exists a 

(gV- 1 , 2 ^)- bibd. 

Furthermore, if d > 2, there is a 



( q d - 1 q ^-l q(q d - 2 -l) 
y q—1 ' q—1 ' q — 1 



-BIBD. 



Observe that the second BIBD in Corollary 2.15 has the same parameters 
as q copies of PG d-i(q)- 



2.4 The Bruck-Ryser-Chowla Theorem 

We now look at two necessary existence conditions for symmetric BIBDs, 
which are known (together) as the "Bruck-Ryser-Chowla Theorem". 

Theorem 2.16 (Bruck-Ryser-Chowla Theorem, v even). Suppose there exists 
a symmetric (v, k, A)-BIBD with v even. Then k — A is a perfect square. 

Proof. Let M be the incidence matrix of a symmetric (v,k, A)-BIBD with v 
even. Then, from Theorem 1.13, and using the fact that r = k, we have that 
MM t = A J v + (k — A )I V . Since b = v, the matrices M and M T are v by v 
matrices. Let det() denote the determinant of a square matrix. Since 

det(MM r ) = (detM)(detM T ) = (detM) 2 

for any square matrix M, it follows that 

(detM) 2 = det(A/„ + (Jfc - A)J„). 
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We proceed to compute det(A/ c + (7c - A )I V ) by performing elementary 
row and column operations. (Recall that elementary row and column opera- 
tions do not affect the value of the determinant.) The matrix A J v + (k — A )I V 
looks like 

fk A A • • • A\ 

A k A • • • A 
A A k ■ ■ ■ A 

\A A A • • • k ) 

If we subtract the first row from every other row, then we obtain the matrix 

/ k A A ••• A \ 

X-kk-X 0 ••• 0 

A -k 0 k - A • •• 0 

\A-k 0 0 ••• k-XJ 

Now add columns 2 through v to the first column, obtaining the following: 

fk+ (v- 1)A A A ••• A \ 

0 k-X 0 ••• 0 

0 0 k- X ■ ■ ■ 0 

V 0 0 0 ••• k-XJ 

This matrix is an upper triangular matrix, so its determinant is the product 
of the entries on the main diagonal. Hence, we see that 

(detM) 2 = (k+(v-l)X)(k-X) v ~ 1 =k 2 (k-X) v ~\ 

where we use the fact that (v — 1)A = k(k — 1) in a symmetric BIBD. The 
matrix M has integer entries, so det M is an integer. Therefore, if v is even, 
then it must be the case that k — A is a perfect square. □ 

As an example, we use Theorem 2 . 1 6 to show that a (22, 7, 2 ) - B I B D cannot 
exist. First, if this BIBD were to exist, it would be symmetric, because 2(22 — 
1) = 7(7—1). However, 22 is even and 7 — 2 = 5 is not a perfect square, so 
we can conclude that the BIBD does not exist. 

Before stating and proving the second part of the Bruck-Ryser-Chowla 
Theorem, we record a couple of other results that are needed in the proof. 
The first is a well-known theorem from number theory, which we do not 
prove here. 

Lemma 2.17. For any integer n > 0, there exist integers uq, a\, « 2 , «3 > 0 such that 
n = ao 1 + a 2 + a 2 2 + a 3 2 . 
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The next lemma is easily verified. 

Lemma 2.18. Suppose that 

( ao a\ «2 0 3 \ 

q _ —01 00 —03 02 

-«2 03 00 -01 

\ —03 —02 01 00 / 

and /ef « = Oq 2 + a\ 2 + a 2 + a 2 . Then C _1 = pC T . 

Now we proceed to the Bruck-Ryser-Chowla Theorem in the case when v 
is odd. 

Theorem 2.19 (Bruck-Ryser-Chowla Theorem, v odd). Suppose there exists a 
symmetric (v,k, A)-BIBD with v odd. Then there exist integers x,y, and z (not all 
0) such that 

x 2 = (k - A )y 2 + (-l^-V^Az 2 . (2.3) 

Proof. First, we suppose that v = 1 (mod 4), and we denote v = 4w + 1. 

Let M be the incidence matrix of a symmetric (v, k, A)-BIBD. Let x\, . . . ,x v 
be indeterminates. For 1 < i < v, define 

V 

L i = X] m j,i x i- 
M 

Each L, is a linear function of the xf s having integral coefficients. 

With a bit of simple algebra, it can be shown that 

E L «' 2 = A (E +(k-\)'jrx j 2 . (2.4) 

i = i v=l / M 

We prove that the equation above holds as follows. First, we have that 

V V 

L 2 = £ E m jd m h,i x j x h ■ 

j= 1 h = 1 

Then, we have 



L L i 2 



i = 1 



17 



EEE m j,i m h,i x j x h 

i = 1 j = 1 /z = 1 



EE E XjX h . 

j=lh=l \i = 1 / 



Now, from Theorem 1.13, noting that r = A:, it follows that 
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V 



E 




if }*h 

if j = h. 



Substituting into the equation above, we have that 



E L i 2 = E Xx i x h + E kx j 2 

i = 1 {j,h:jj=h} 7=1 

V V V 

= E E ^ x j x h + E( fc - A ) x ; 2 

j = 1 /z— 1 y=l 

/ 17 \ ^ Z7 

= A E x ; + ( k - A ) E 

V=1 / /=! 



as desired. 

Equation (2.4) is an identity in the variables Xj, . . .q, in which all the 
coefficients are integers. Next, we transform the variables x\,...,x v into new 
variables \j\, . . . , y v , where each i/, is a certain integral linear combination of 
the Xj's. Let a 0/ a\, a 2 , a 3 be integers such that a 0 2 + flj 2 + a 2 2 + a 2 = k — A; 
these exist by Lemma 2.17. Let the matrix C be defined as in Lemma 2.18. 
Then, for 1 < h < w, let 

(y4h-3/y4h-2/3/4fc-l/y4fc) ( x 4h— 3, x 4h— 2/ x 4h— li x 4h)C. 

Finally, let y v = x v and let 

V 

yo = E x <- 

i= 1 

It is easy to see, using Lemma 2.18, that 

eV=(*-a)eV- 

;=1 7=1 

This follows from the following equations, which hold for 1 < h < w: 

y 4 /i-3 2 + Vih- 1 + y4/,-i 2 + Vi h 
= (y4fc-3/ y 4 ;i-2/ y^-i/ y 4 ;,)(y 4 ; ( -3/ y 4 /!-2/ y 4 /i-i/ yni) T 
{ x 4h—3r x 4h—2' x 4h — I / ■^4/z)f-'( ( x 4h—3 , x 4h—2' x 4h— 1/ -^4//)^-') 

(x 4 / ; _3, X 4 ;,_2, X 4ft _ 1 , X 4 /JCC (X4/ ; _3, X4/ 7 _2, X4/ 7 ) 

(* X4/2 — 3, X4/7 — 2, X 4 1;_1, x 4h) A )f 4 (^47/— 3' x 4h— 2/ x 4h— 1/ ^4/z) 

= {k-X) (X 4 ;,_3 2 + X 4 ,,_ 2 2 + X4, ; _ : 2 + X 4 , 2 ). 



Hence, it follows that 
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E L i 2 = A I/0 2 + E 3/; 2 + - A )y^ 2 - ( 2 -5) 

i = 1 7=1 

The L,'s were defined as integral linear combinations of the Xj's. However, by 
virtue of Lemma 2.18, we can express each Xj as a rational linear combination 
of j/i , . . . ,y v . Similarly, t/o is a linear combination of y\, . . . , y v having rational 
coefficients. 

In view of the observations above, equation (2.5) can be regarded as an 
identity in the indeterminates y \, . . . , y v in which all the coefficients are ratio- 
nal numbers. It is possible to specialize this identity by expressing any of the 
indeterminates as a rational combination of the remaining indeterminates, 
and the result will be an identity in the remaining indeterminates in which 
the coefficients are (still) all rational. 

First, suppose that 

V 

Li = E e iVi- 
1=1 

Ifei ^ 1, thenletyi = L],and ifq = 1, thenletyi = — Li. We have expressed 
yi as a rational linear combination of y 2 , ... ,y v in such a way that L\ = y 2 . 
Then equation (2.5) is transformed into the following identity in 1/2/ ■ ■ ■ ,y<y 

E L i 2 = A J/0 2 + E Vj 2 + ( k - A )i ! 2 - (2-6) 

1=2 7=2 

We continue in this fashion, eliminating the variables \j 2 , ■ ■ ■ , y-o- \ one at a 
time, making sure that each j/ ; is a rational linear combination of yj+\, ■ ■ ■ ,y-o 
such that i/y 2 = Lj 2 for all such j. We end up with the following equation: 

L 2 = Ay 0 2 + (k- X)i Jv 2 . (2.7) 

In this equation, L v and i/q are rational multiples of y v . Suppose that L v = sy v 
and t/o = ty v , where s, t G Q. Let y v = 1; then 

s 2 = At 2 + k — A. 

Now, we can write s = S 1 /S 2 and f = fi/f2, where si,S2, f 1, ^2 G Z and 
S2, f2 / 0. Our equation becomes 

(s 1 t 2 ) 2 = A(s 2 fi) 2 + {k - A)(s 2 t 2 ) 2 . 

If we let x = S] 72, y = s 2 t 2 , and z = s 2 t\, then we have an integral solution 
to the equation x 2 = (k — A )y 2 + (— l)^ -1 ^ 2 Az 2 in which at least one of x,y, 
and z is nonzero (note also that (— 1 )( D-1 )/ 2 = 1 because v = 1 (mod 4)). 

There remains the case v = 3 (mod 4) to consider. It is similar to the 
previous case, with a few modifications. Denote v = 4 iv — 1. Introduce a new 
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indeterminate, x v+ \, and add (k — X)x v+ \ - to both sides of equation (2.4), 
producing the following: 

V / V \ ^ Z7 + 1 

Y. ] L i 2 + ( k ~ h)xv+i 2 = A E x /' + (k - A) E Xj 2 . (2.8) 

1=1 V;=i ) ;=i 

Then, for 1 < h < w, let 

(3/4/i— 3' */4/i— 2/ Vih— 1' 3/4/i ) (.Xih— 3, Xifo— 2/ -H/i— 1/ ^-4/i)C- 



Finally, let 

V 

yo = E' t <- 

i=l 

Then we have that 



Z7 1/ + 1 

E L, 2 + ( k - h)x v+ i 2 = Mjo 2 + E y ; - 2 - (2-9) 

i=i y=i 

Proceed as in the case n = 1 (mod 4), eliminating all the L/s. The following 
equation results: 

( k - h)x v+ i 2 = Mj 0 2 + y v+ 1 2 . 

We end up with a solution to the equation x 2 = (k — A)y 2 + (— l)( E ’ _1 )/ 2 Az 2 
in which at least one of x,y, and z is nonzero (note that (— 1 )( D-1 h 2 = — 1 
when v = 3 (mod 4)). □ 

Theorem 2.19 is more difficult to apply than Theorem 2.16 because it in- 
volves determining if a certain diophantine equation has a nontrivial solu- 
tion. Here is an example to illustrate this: 

Example 2.20. We will show that a (symmetric) (43, 7, 1)-BIBD does not exist. 
Theorem 2.16 tells us that if this BIBD exists, then the equation 

x 2 + z 2 = 61 / (2.10) 

has a solution in integers, not all of which are zero. Let us assume that (x, y, z) 
is an integral solution to equation (2.10). Reducing this equation modulo 3, 
it follows that x 2 + z 2 =0 (mod 3). Since x 2 = 0, 1 (mod 3) for any integer 
x, the only way that we can have x 2 + z 2 = 0 (mod 3) is if x = 0 (mod 3) 
and z = 0 (mod 3). Let us write x = 3x] and z = 3zj, where X] and Z\ are 
integers. Then equation (2.10) becomes 

(3x x ) 2 + (3zi) 2 = 6 xj 2 , 

or 

3xi 2 + 3zj 2 = 2y 2 . 
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The left side of this equation is divisible by 3, so it must be the case that y = 0 
(mod 3). Writing y = 3t/i, we have 

3xi 2 + 3zi 2 = 2(3j/i) 2 , 
or 

xr + zi 2 = 6t/i 2 . 

We have shown that if (x,y,z) is any integral solution to equation (2.10), 
then (|, |, |) is also an integral solution to equation (2.10). This process 
can be repeated infinitely often, which is a contradiction unless (x, y, z) = 
(0, 0, 0). We conclude that the only solution to equation (2.10) is (0, 0, 0), and 
therefore a (43, 7, 1)-BIBD does not exist. I 

The example above was a bit tedious. It is worthwhile to use some results 
from number theory to establish a more general result. Let us first consider 
the situation of a projective plane of arbitrary order n. We will give a com- 
plete analysis of the Bruck-Ryser-Chowla conditions in this situation. 

First, suppose that n = 0,3 (mod 4). In this case, equation (2.3) reduces 
to x 2 = ny 2 + z 2 . This always has the nontrivial solution x = z = 1, 
y = 0. Therefore the Bruck-Ryser-Chowla Theorem does not yield any non- 
existence results for ( n 2 + n + 1 , n + 1, l)-BIBDs when n = 0,3 (mod 4). 

Now we turn to the case where n = 1,2 (mod 4). For such integers n, we 
have that ( n 2 + n) / 2 is odd, so the equation to be solved is x 2 = ny 2 — z 2 , or 

x 2 + z 2 = ny 2 . (2.11) 

We are interested in determining the conditions under which equation 
(2.11) has an integral solution ( x,y,z ) not all of which are zero. Although we 
do not give the proof here, it is possible to show that equation (2.11) has a 
solution of the desired type if and only if 

x 2 + z 2 = n (2.12) 

has an integral solution (x, z) . Furthermore, it is known precisely when equa- 
tion (2.12) has an integral solution. The following is a famous result from 
number theory. 

Theorem 2.21. A positive integer n can be expressed as the sum of two integral 
squares if and only if there does not exist a prime p = 3 (mod 4) such that the 
largest power of p that divides n is odd. 

Summarizing the previous discussion, we obtain the following result. 

Theorem 2.22. Suppose that n = 1,2 (mod 4), and there exists a prime p = 3 
(mod 4) such that the largest power of p that divides n is odd. Then a projective 
plane of order n does not exist. 
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The first few values of n for which Theorem 2.22 can be applied are n = 
6, 14, 21, 22, and 30. Hence, projective planes of these orders do not exist. 

We now turn to the situation of arbitrary A, where we derive an easy-to- 
use corollary of the Bruck-Ryser-Chowla Theorem. Before proceeding to our 
main result, we define the concept of a quadratic residue. Suppose that m > 2 
is an integer and a is any integer. Then we say that a is a quadratic residue 
modulo m if the congruence x 2 = a (mod m) has a solution x G Z m \{0}. For 
future reference, we record the following well-known result, which is known 
as Eider's Criterion. 

Theorem 2.23 (Euler's Criterion). An integer a is a quadratic residue modulo the 
odd prime p if and only if a (P -1 h 2 = 1 (mod p). 

A positive integer is said to be square-free provided that it is not divisible 
by j 2 for any integer / > 1 . Any positive integer n can be written uniquely in 
the form n = A 2 n | where A is a positive integer and n\ is square-free (note 
that we allow A = 1 and/or n\ = 1). The integer n\ is called the square-free 
part of n. 

Theorem 2.24. Suppose that v, k and A are positive integers such that X(v — 1) = 
k(k — 1) and v > k >2. Let Ai be the square-free part of\ and let n\ be the square- 
free part of k — A. Suppose that pis an odd prime such thatn\ = 0 (mod p), Aj ^0 
(mod p), and (— V)^°~ l ^ 2 A\ is not a quadratic residue modulo p. Then there does 
not exist a (v,k, A) -BIB D. 

Proof. We will prove that equation (2.3) does not have an integral solution 
(x, y, z) ^ (0, 0, 0). Assuming that it does, we will derive a contradiction. 

First, we have that A = B 2 Aj and k — A = A 2 ni, where A and B are 
positive integers. Then 

x 2 = ni (Ay) 2 + (— 1 )(w- 1 ) /2 a 1 (Bz) 2 . 

Letting y\ = Ay and z\ = Bz, the equation 

x 2 = n iyi 2 + ( — 1) ( p — 1 ) /2 A 1 z 1 2 (2.13) 

has a solution (x,y\,zf) (0,0,0). We can assume that gcd(x,yi,Zi) = 1 

(for if gcd(x, t/i,zi) = d > 1, then we can divide each of x, y\, and zi by d, 
obtaining a solution in which the gcd is equal to 1). 

Suppose that z\ = 0 (mod p). Then x = 0 (mod p) because n\ = 0 
(mod p). But if zi and x are both divisible by p, then Zi 2 and x 2 are both 
divisible by p 2 , and hence n \ y \ 2 is divisible by p 2 . n\ is square-free, so it is 
not divisible by p 2 . Therefore y\ is divisible by p. But then gcd(x, j/i,Zi) > p, 
which is a contradiction. We conclude that z\ ^ 0 (mod p). 

Now we reduce equation (2.13) modulo p. We obtain the following con- 
gruence: 
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x 2 = (— 1)(° 1 * /2 AiZi 2 (mod p). 

We proved above that z\ ^ 0 (mod p). Since p is prime, there exists a multi- 
plicative inverse Z \~ 2 mod p. Then 

(xzi -1 ) 2 = (— 1)^ _1 ^ /2 Ai (mod p). 

This means that (— l)U-l)/2;^ is a quadratic residue modulo p, which con- 
tradicts the hypotheses of the theorem. 

We conclude that equation (2.3) does not have a solution ( x,y,z ) ^ 
(0, 0,0). Hence, from Theorem 2.19, there does not exist a (v,k, A)-BIBD. □ 

We illustrate the application of the theorem above in the following exam- 
ple. 

Example 2.25. Consider the parameter set (v,k, A) = (67,12,2). We compute 
2 x 66 = 12 x 11, so it is conceivable that a (symmetric) (67, 12,2)-BIBDexists. 
We show that this is not the case using Theorem 2.24. 

We have Aj = 2 and n\ = 10, so we will take p = 5. We com- 
pute (— 1 )( i,_1 ^ 2 Ai = 3 (mod 5), and it is easily verified that 3 is not a 
quadratic residue modulo 5. Therefore we conclude from Theorem 2.24 that 
a (67, 12,2)-BIBD does not exist. I 

As another example, we show that Theorem 2.22 can be derived as a 
corollary of Theorem 2.24. 

Example 2.26. Suppose that n = 1,2 (mod 4) and there exists a prime p = 3 
(mod 4) such that the largest power of p that divides n is odd. We want to 
show, using Theorem 2.24, that an (n 2 + n + 1, n + 1, 1)-BIBD does not exist. 
Clearly we have Aj = A = 1, k — A = n, and ^ 0 (mod p). Using the 
fact that the largest power of p that divides n is odd, it follows that ri\ = 0 
(mod p). 

We need to verify that (— l)( t ' _1 )/ 2 Ai is not a quadratic residue modulo 
p. As observed previously, ( — 1) (c*— l)/ 2 = ( — 1) («"+?i )/2 _ _q w h en n = 1,2 
(mod 4). Therefore ( — 1 )( i,_1 ^ 2 Ai = — 1. However, using Euler's Criterion, it 
is immediate that —1 is not a quadratic residue modulo p if p = 3 (mod 4). 

It therefore follows from Theorem 2.24 that a projective plane of order n 
does not exist if the given hypotheses hold. I 

The Bruck-Ryser-Chowla Theorem was proven over fifty years ago. It is 
remarkable that no general necessary conditions for existence of symmetric 
BIBDs have been proven since then. In fact, the only nonexistence result for 
any symmetric BIBD, other than those ruled out by the Bruck-Ryser-Chowla 
theorem, is that a projective plane of order 10 does not exist. This was proven 
in 1989 using a computer. 
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2.5 Notes and References 

Lander [75] is a 1983 monograph devoted to symmetric designs. Tran [113] 
is a more recent survey. 

Dembowski [39] is a standard reference on projective geometries. Hughes 
and Piper [60] is a specialized study of projective planes. 

Most of the results in Section 2.1 (including Theorem 2.2) were proven in 
Ryser [89] and Chowla and Ryser [23]. 

The result that a quasiresidual BIBD with A = 2 is residual is known 
as the "Hall-Connor Theorem" and was proven in [54], There are quite a 
number of constructions for quasiresidual BIBDs that are not residual. Tran 
[112] gave an extensive treatment of this subject in 1990; see also Ionin and 
Mackenzie-Fleming [62] (and the references found therein) for more recent 
results. 

The theorem known as the Bruck-Ryser-Chowla Theorem was proven 
(for odd v) by Bruck and Ryser [18] and by Chowla and Ryser [23]. The part 
of the theorem pertaining to even v was first obtained by Schutzenberger 

[91]. 

The proof of the nonexistence of a projective plane of order 10 is due to 
Lam, Thiel, and Swiercz [74]. 



2.6 Exercises 

2.1 Give a proof of Theorem 2.2 in the special case A = 1 using the tech- 
nique of Exercise 1.19. 

2.2 Suppose that there is a symmetric (v,k, A)-BIBD, say (X, A), and de- 
note n = k — A. n is called the order of the symmetric BIBD (X, A). 

(a) Prove that the block complement of (X, A) has order n. 

(b) Prove that A 2 + (2 n — v)A + n 2 — n = 0. 

(c) Solve this quadratic equation for A. 

(d) Using the fact that A > 1, deduce that v < n 2 + n + 1. 

(e) Prove that v > An — A. 

2.3 Let (X, A) be a symmetric (v,k, A)-BIBD having order n = k — A. 

(a) If v = n 2 + n + 1, prove that (X, A) is a projective plane of order 
n (or its block-complement). 

(b) If v = An — A, prove that (v, k, A) = (An — l,2n — 1, n — 1) or 
(An — 1,2 n,n). 

(c) If v = An, prove that (v,k, A) = (Au 2 ,2u 2 ± u,u 2 ± u) for some 
positive integer u. 

Hint: Use the Bruck-Ryser Theorem and Exercise 2.2. 

2.4 Suppose that ( v , b, r, k, A) are parameters of a BIBD. 

(a) Prove that A(v + r — 1) = r(r — 1) whenever r = k + A. 

(b) Prove that (A + 1 )b = r(r + 1) whenever k = A + 1. 
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2.5 (a) State the parameters {v\,k\,A{) of the residual BIBD of a sym- 

metric ( v,k , A)-BIBD. 

(b) State the parameters (& 2 , ko, A2) of the derived BIBD of the block- 
complement of a symmetric (v,k, A)-BIBD. 

(c) Prove that the parameter triples (v\ ,k\,A\) and (»2/^2/A2) are 
identical if and only if k = 2 A + 1 and v = 4 A + 3. 

2.6 Suppose that a (v,k, A)-BIBD is both a derived and a residual BIBD. 
Prove that v = 2A + 2. 

2.7 Construct a projective plane of order 4 using the technique of Example 
2.11. 

Note: The finite field F 4 = Z 2 [x]/(x 2 + x + 1). 

2.8 Construct a (15, 7, 3)-BIBD using the method described in Theorem 
2.14. 

2.9 The following triples (v,k, A) all satisfy the condition A(v — 1) = 
k(k — 1), so they could be parameters of a symmetric BIBD. For each 
triple, investigate the Bruck-Ryser-Chowla conditions. You should ei- 
ther prove that the Diophantine equation 

x 2 = (k- A)y 2 + (— 1)( i '- 1 ) /2 Az 2 

has no integral solution ( x,y,z ) 7^ (0,0,0) (which implies that the 
BIBD does not exist) or find a solution (x,y,z) / (0,0,0) by trial and 
error (you are not required to try to construct the BIBD in this situa- 
tion). The parameter triples are as follows. 

(a) (29,8,2). 

(b) (53,13,3). 

(c) (43,15,5). 

(d) (81,16,3). 

(e) (77,20,5). 

(f) (85,28,9). 

2.10 A W(n,w) is an n x n matrix whose entries are elements of the set 
{0, 1, — 1} such that WV\f T = wl n . Prove the following Bruck-Ryser- 
Chowla type theorems for the existence of these matrices. 

(a) Suppose that a W(n,w) exists, where n is odd. Then prove that 
zv is a perfect square. 

(b) Suppose that a W(n,w) exists, where n = 2 (mod 4). Then prove 
that iv is the sum of two integral squares. 

Hint: Eventually, you should obtain an equation of the form 
Li 2 + L 2 2 = zv(y v _i 2 + y 2 ). Set y v -\ = 1 and y v = 0, and make 
use of the fact (which you are not required to prove) that an inte- 
ger is the sum of two integral squares if and only if it is the sum 
of two rational squares. 
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3.1 Difference Sets and Automorphisms 

We now study an important construction method for symmetric BIBDs. 

Definition 3.1. Suppose (G, +) is a finite group of order v in which the identity 
element is denoted "0". Unless explicitly stated, we zvill not require that G be an 
Abelian group. (In many examples, however, we zvill take G = ( Z v , +), the integers 
modulo v.) Let k and A be positive integers such that 2 < k < v. A (v,k, A)- 
difference set in (G, +) is a subset D C G that satisfies the follozving properties: 

l-\D\=k, 

2. the multiset [x — y : x,y G D ,x ^ y\ contains every element in G\{0} exactly 
A times. 

Note that X(v — 1) = k(k — 1) if a (v,k, A) -difference set exists. 

Example 3.2. A (21,5, 1) -difference set in (Z 2 i,+): 

D = {0,1,6,8,18}. 

If we compute the differences (modulo 21) we get from pairs of distinct ele- 
ments in D, we obtain the following: 



1-0 = 1 


0- 


1 = 20 


6-0 = 6 


0- 


6 = 15 


00 

1 

o 

II 

00 


0- 


8 = 13 


18-0 = 18 


0- 


18 = 3 


6-1 = 5 


1 - 


6 = 16 


8-1 = 7 


1 - 


8 = 14 


18 - 1 = 17 


1 - 


18 = 4 


<N 

II 

hO 

1 

00 


6- 


8 = 19 


18-6 = 12 


6- 


18 = 9 


1— * 
00 

1 

00 

II 

1— * 
o 


8- 


18 = 11 
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So we get every element of Z 21 \ { 0 } exactly once as a difference of two ele- 
ments in D. 1 



Example 3.3. A (15, 7, 3) -difference set in (Z 15 , +): 

D = {0,1,2,4,5,8,10}. 



I 



Example 3.4. A (16, 6, 2 (-difference set in (Z 4 x Z 4 , +): 

D = {(0,1), (0,2), (0,3), (1,0), (2,0), (3,0)}. 



(Note: This example is particularly interesting in view of the fact that there 
does not exist a (16, 6, 2)-difference set in (Zjg, +)•) fl 

Example 3.5. A (45, 12, 3 (-difference set in (Z 5 x Z 3 x Z 3 , +): 



D = 



( 0 , 0 , 0 ), ( 0 , 0 , 1 ), ( 0 , 0 , 2 ), ( 1 , 0 , 0 ), ( 1 , 1 , 0 ), ( 1 , 2 , 0 ), \ 

(2, 0, 0), (2, 1, 1 ), (2, 2, 2), (3, 0, 0), (3, 1, 2), (3, 2, 1) / ‘ 



I 



Example 3.6. A (36, 15, 6 (-difference set in (Zg x Zg, +): 

D = {(0,/) : 1 < i < 5} U {(i,0) : 1 < i < 5} U {(*',*') : 1 < i < 5}. 



I 



Example 3.7. We give an example of a difference set in a non- Abelian group. 
Consider the following group (written multiplicatively): 

G = {a'V : c? = b 7 = 1, ba = flb 4 }. 



It can be shown that G is a non- Abelian group of order 21. The set D = 
{a, a 2 , b,b 2 , b 4 } is a (21,5, 1) -difference set in (G, •). Because the group is writ- 
ten multiplicatively, what we mean by this is that 



{xy 1 : x,y G D,x ^y} = G\{1}. 



I 



Difference sets can be used to construct symmetric BIBDs as follows. Let 
D be a ( v , k , A) -difference set in a group (G, +). For any g € G, define 

D + y={x+y:xG D}. 

Any set D + g is called a translate of D. Then, define Dev(D) to be the collec- 
tion of all v translates of D. Dev(D) is called the development of D. 
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Theorem 3.8. Let D be a (v, k, X)-difference set in an Abelian group (G, +). Then 
(G, Dev(D)) is a symmetric (v,k, A)-BIBD. 

Proof. Suppose x,y £ G, x y. We first prove that there are exactly A ele- 
ments g £ G such that {x, y} C D+g. 

Denote x — y = d. There are exactly A ordered pairs (x' ,y') such that 
x' ,y' £ D and x' — y' = d. Let these ordered pairs be denoted (x,-,i/;), 1 < 
i < A. For 1 < i < A, define gi = —Xj + x. Then gj = — y, + y and { x,y } = 
{x t + gi,yi + gi} C D + gj. The gf s are distinct because the xfs are distinct, 
so this shows that there are at least A values of g such that { x, y } C D+g. 

Conversely, suppose that there are exactly i values of g such that { x, y } C 
D+g, namely g = h \, . . . , hp. (We have shown above that £ > A.) Then (x — 
hi) + (hi — y) = x — y = d for 1 < i < l. Also, {x — hi,y — hf C D for 
1 < i < £. The hf s are distinct, so we have found £ ordered pairs (V, t/'j £ D 
such that x' — y' = d. There are exactly A such ordered pairs, however, so 
i < A. 

We have therefore proven that i = A. Every block D+g contains k points, 
so the collection of v blocks D + g(g £ G) is a symmetric (v,k, A)-BIBD. □ 

Corollary 3.9. Suppose D is a (v, k, \)-difference set in an Abelian group (G, +). 
Then Dev(D) consists ofv distinct blocks. 

Proof. Suppose that D + g\ = D + gi, where g\ gi- Then the symmetric 
BIBD (G, Dev(D)) contains two blocks that intersect in k points. However, 
Theorem 2.2 states that any two blocks in a symmetric (v, k, A)-BI BD intersect 
in A points. The result follows. □ 

Thus, for example, the (21,5, 1)-BIBD developed from the difference set 
of Example 3.2 has 21 distinct blocks: 

{0, 1, 6, 8, 18}, { 1, 2, 7, 9, 19}, ..., {0, 5, 7, 17, 20} . 

The next result establishes the existence of nontrivial automorphisms of 
the symmetric BIBDs constructed from difference sets. 

Theorem 3.10. Suppose (G, Dev(D)) is the symmetric BIBD constructed from a 
(v ,k, \)-difference set D in a group (G, +). Then Aut(G, Dev(D)) contains a sub- 
group G that is isomorphic to G. 

Proof. For every g £ G, define the mapping g : G — > G as follows: 

g(x) =* + g 

for all x £ G. It is clear that each g is one-to-one and onto and therefore a 
permutation of G. Define G = (g : g £ Gj. G is a permutation group, and it 
is known as the permutation representation of G. 

We will prove the following: 
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1. (G,+) is isomorphic to (G, o), where the group operation "o" denotes 
composition of permutations; and 

2. (G, o) is a subgroup of Aut(G, Dev(D)). 

To prove the first assertion, we exhibit an isomorphism between (G, +) and 
(G, o). Define a. : G — * G in the obvious way: a(g) = g for all g £ G. First, a 
is a group homomorphism because 

(a(g)oa(h))(x) = (goh)(x) 

= Hg(x)) 

= Hx + g) 

= x + g + h 
= g + h(x) 

= *(g + h)(x) 

holds for all g,h,x £ G, and hence x(g) o cc(]i) = x(g + h) holds for all g,h € 
G. Next, it is clear that a is surjective. We also have that a is injective since 
g = h if and only if g = h. Hence a is a group isomorphism. 

To prove the second statement, we observe that 

g(D + h) = {£(*) :xeD + h} 

= {x + g : x £ D + h} 

= {x + g + h: x € D} 

= D + h + g. 

Hence, for any permutation g £ G and for any block D + h £ Dev(D), it 
holds that g(D + h) £ Dev(D). That is, every g £ G is an automorphism of 
(G, Dev(D)). Since G is a group, it is a subgroup of Aut(G, Dev(D)). □ 

Example 3.11. Consider the symmetric (7,3, 1)-BIBD developed from the dif- 
ference set {1,2,4} in (Z 7 ,+). The blocks of the BIBD are 124, 235, 346, 450, 
561, 602, and 013. 

The elements g of the group G = (Z 7 , +), and the elements g in its per- 
mutation representation, G, are as follows: 

g g 

0 ( 0 ) ( 1 ) ( 2 ) ( 3 ) ( 4 ) ( 5 ) ( 6 ) 

1 (0 1 23456) 

2 (0 246 1 3 5) 

3 (0 362 5 1 4) 

4 (041 5263) 

5 (0 53 1 642) 

6 (0 65432 1) 
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It is easy to verify that every permutation in G is an automorphism of the 
BIBD. I 

Under suitable conditions, a converse to Theorem 3.10 holds. We will 
prove a result of this type for the special case of a difference set in a cyclic 
group. However, before doing so, we state and prove some preliminary re- 
sults that will be required. 

Suppose that (X, A) is a symmetric (v, k, A)-BIBD, and suppose that a £ 
Aut(X, A), a is a permutation of X, and therefore it follows from Section 1.4 
that a consists of a union of disjoint cycles whose lengths sum to v. The cycle 
type of a is the collection (i.e., multiset) of the sizes of the cycles in the disjoint 
cycle representation of a. Recall that a fixed point of a is a point x such that 
a(a) = x. 

As an example, consider the permutation a of {0, ... ,8} defined as fol- 
lows: a(0) = 3, a(l) = 4, a( 2) = 2, a( 3) = 0, «(■ 4) = 5, a(5) = 1, a( 6) = 8, 
a (7) = 7, and a (8) = 6. If we write a as a union of disjoint cycles, then we 
have 

a = (0 3) (14 5) (2) (6 8) (7). 

The cycle type of a, written as a list of nondecreasing integers, is [1,1,2, 2, 3] . 
Note that a has two fixed points, namely 2 and 7. 

Any automorphism a of a symmetric BIBD, say (X, A), will permute the 
blocks in the set A. Hence, we can consider the permutation of A induced 
by a and define the cycle type of this permutation in the obvious way. A 
fixed "point" of this permutation is a block A € A that is fixed setwise by 
a; i.e., |a(x) : x £ A} = A. We refer to such a block as a fixed block to avoid 
confusion. 

We now state and prove a useful combinatorial lemma. 

Lemma 3.12. Suppose that (X,A) is a symmetric (v,k, A)-BIBD, and suppose that 
a £ Aut(X, A) has exactly f fixed points. Then a fixes exactly f blocks in A. 

Proof. Suppose that a fixes exactly F blocks. Define 

I = {(x,A) : x € X,A £ A, {x, a (a)} C A}. 

We will compute | / 1 in two different ways. First, we have 

V\ = E \i A G A '■ {ua(a)} C A } | 

iex 

= E \{A £ A: {x,a(x)} C A}\ 

{xeX:a(x)=x} 

+ E \{A £ A : {x,a(x)} C A}\ 

{xeX:a(x)^=x} 

= fk+(v-f) A. 



On the other hand, we have 
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\I\ = K* e x : U,x(x)} C A} | 

AeA 

= j{x G X : {x,a(x)} C A}| 

{AeA:x(A)=A} 

+ |{x G X : {x,a(x)} C A}|. 

{AeA:a(A)^A} 

Now, if a (A) = A, then a(x) G A for all x € A, and it is easily seen that 
{x G X : {x, a(x)} C A} = A. 

Therefore, 

|{iGX: {x,a(x)} C A}| = k. 

Now assume that a (A) A. Clearly, {x, oc(x)} C A if and only if x G 

A D a -1 (A). A f a -1 (A), and hence, applying Theorem 2.2, we have that 
| A n x -1 (A) | = A. Therefore 

|{x G X : {x, a(x)} C A) | = A, 

and hence 

|/| = Fk+ (v-F)A. 

Equating the two expressions we have derived for |/|, we have that 
fk+(v- f) A = Fk + (v - F) A. 



This implies that 



(f-F)(k- A)=0. 



In a symmetric BIBD, it holds that k f A, and hence we conclude that f = F. 

□ 



The proof of our next theorem will make use of a combinatorial tech- 
nique known as the "Mobius Inversion Formula". This interesting formula 
involves the Mobius function, denoted p, which is defined on the positive in- 
tegers as follows: 

! 1 if n = 1 

(—l)* if n = pi x • • • x pj., where the p{ s are distinct primes 
0 if n is divisible by p 2 for some prime p. 

We now state the Mobius Inversion Formula. 

Theorem 3.13 (Mobius Inversion Formula). Suppose that f,g : Z + — > IR are 

functions, and suppose that the following equation holds for all positive integers j: 

/O') = E *(*')• 

hi 
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Then the folloiving equation holds for all positive integers i: 

g(i) = Ef (y) /(;')• 

/|i '-■'7 

Theorem 3.14. Suppose that (X,A) is a symmetric (v,k, A)-BIBD, and suppose 
that a € Aut(X, .4). Then the cycle type of the permutation ofX induced by a is the 
same as the cycle type of the permutation of A induced by a. 

Proof. Suppose a permutation a of a finite set S has exactly c, cycles of length 
i, for 1 < i < | S | . Let fj denote the number of fixed points of the permutation 
od . It is not hard to see that a point x G S is fixed by the permutation od if 
and only if x occurs in a cycle of length i\j in the permutation oc. Hence the 
following equation holds: 

fj = L ic i- (3-1) 

hi 

The Mobius Inversion Formula can be used to solve for the c/s in terms of 
the ff s. This is easily done by defining g(i) = ic, and applying Theorem 3.13. 
The following formula is the result: 

c i = fj- (3- 2 ) 

Now suppose a is an automorphism of the symmetric (v,k, A)-BIBD 
(X, A). Then, for all j > 1 , A is an automorphism of ( X, A), and Lemma 
3.12 shows that the permutations of X and A induced by od have the same 
number of fixed points. Hence, by equation (3.2), the two permutations in- 
duced by a have the same cycle type. □ 

We give an example to illustrate the previous results. 

Example 3.15. We refer to the (7,3, 1)-BIBD, (X, A), that was presented in Ex- 
ample 1.23. Let the blocks be named A\, Ai , . . . , Ay, where 

A 1 = 123 ,A 2 = 145 ,A 3 = 167, A 4 = 246 ,A 5 = 257, A 6 = 34 7, Ay = 356. 

We showed in Example 1.23 that 

«=(1)(2)(3)(4 5)(6 7) 

is an automorphism of (X, A). The permutation of A induced by a is the 
following: 

(A 1 )(A 2 )(A 3 )(A4 A 5 )(A 6 Ay). 

Hence the two permutations induced by a have the same cycle type; namely 
[1/1/ 1/2, 2], 
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In this example, we have C\ = 3, C 2 = 2, fa = 3, and fa = 7. Also, 
}i(\) = 1 and it(2) = —1. It is easy to verify that equations (3.1) and (3.2) 
hold for j = 1,2: 

fa = ci = 3, 

fa = c i + 2 c 2 = 7 , 

Ci = ;<(l)/i —3, and 

„ F(2)/i + F(l)/2 „ 

2 

I 

We are now ready to prove a converse to Theorem 3.8 in the special case 
where the symmetric BIBD has an automorphism that is a single cycle of 
length v. 

Theorem 3.16. Suppose (X, A) is a symmetric (v,k, A)- BIBD having an automor- 
phism a that permutes the points in X in a single cycle of length v. Then there is a 
( v , k, A )- -difference set in (Z v , +). 

Proof. By relabeling the points if necessary, we can assume without loss of 
generality that X = {xq, . . . , x v _\} and tx(xj) = x i+ i mo( j v for 0 < i < v — 1, 
i.e., 

a = (xq x\ ■■■ x v -i). 

Choose any block A £ A. Define Aq = A, and for every positive integer j, 
define 

Aj { xfx ) . X £ Ag} {%i+j mod v ■ %i A Aq}. 

Every Ay is a block in A because <x) £ Aut(X, A). Also, we have that a(Ay) = 
Ay+i mod v by the way in which the Ay's are defined. Theorem 3.14 establishes 
that a permutes the blocks in A in a single cycle of length v. From this, it is 
seen that Aq, . . . , A v _ \ are distinct. 



A = {Ay : 0 < j <v — 1}, 



and a permutes the blocks in A as follows: 

a = (Ao Ai • • • Aj,_i). 

Now we define 

D = {i : Xj £ A 0 }. 

We will show that D is the desired difference set. Let g £ Z V/ g / 0. The 
pair {xq, Xa } occurs in exactly A blocks in A — say in A, v . . . , Aj . For each 
occurrence of a pair {xg ,x g } C A,-., we have a pair with difference g in the 
set D, namely, (g - ij) — (— if) = g (mod v), where 
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{—ij mod v,g — ij mod v} C D. 

These A pairs in D are distinct. Thus the difference g occurs A times in the set 
D for all nonzero g £ Z v . All occurrences of g in D are accounted for by this 
analysis, and hence D is a difference set. □ 

Theorem 3.16 can be generalized to arbitrary finite groups. Suppose 
G C S v is a permutation group acting on the c'-set X. G is sharply transi- 
tive provided that the following condition holds: for all x, x' £ X, there exists 
a unique permutation g £ G such that g(x) = x' . Note that |G| = v if it is 
sharply transitive. 

The following theorem can be proven in a fashion similar to Theorem 
3.16. 

Theorem 3.17. Suppose (X, A) is a symmetric (v,k, A)-BIBD such that G is a 
sharply transitive subgroup of Aut(X, A). Then there is a (v,k,A) -difference set 
in the group (G, o). 

We present an example to illustrate the application of Theorem 3.17 in the 
case of a noncyclic group. 

Example 3.18. We recall a construction for a symmetric (16,6,2)-BIBD that 
was mentioned in Exercise 1.13. Write out the integers in the set X = 
{0, . . . , 15} in a 4 x 4 array, as follows: 

0 12 3 
4 5 6 7 
M ~ 8 9 10 11 
12 13 14 15 

For every j, o <i< 15, define a block Aj consisting of all the elements in the 
row and column of M that contains j, excluding j. Then define A - { Aj : 0 < 
j < 15}. It is a simple exercise to show that (X, A) is a symmetric (16,6,2)- 
BIBD. 

By the way in which this design is constructed, it is not hard to show 
that it has many automorphisms. In particular, there is a sharply transitive 
subgroup, say G, of the automorphism group, such that G is isomorphic to 
Z 4 x Z 4 . This is easily seen because a cyclic permutation of the four rows, or 
the four columns, of the array M leaves the set of blocks unchanged. To be 
specific, we define two permutations of X: 

a = (0 1 2 3) (4 5 6 7) (8 9 10 11)(12 13 14 15) 
j6 = (0 4 8 12) (1 5 9 13) (2 6 10 14) (3 7 11 15). 

It can be shown that af = ftx and a 4 = ff = id, where id is the identity 
permutation. Therefore, a and f generate a subgroup G isomorphic to Z 4 x 
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Z 4 . It is also easy to see that G is sharply transitive. Therefore Theorem 3.17 
asserts that there exists a (16, 6, 2 (-difference set in Z 4 x Z 4 . 

Although we did not provide a proof of Theorem 3.17, we can still 
demonstrate how to construct the difference set using techniques similar to 
those used in the proof of Theorem 3.16. Suppose we relabel the points in X 
so that the array M is changed into the following: 

(0,0) (0,1) (0,2) (0,3) 

(1.0) (1,1) (1,2) (1,3) 

(2.0) (2,1) (2,2) (2,3) 

(3.0) (3,1) (3,2) (3,3) 

The reader can verify that the group G (with its points relabeled as described 
above) is the permutation representation of Z 4 x Z 4 . Then any block of the 
design forms the desired difference set. The difference set presented in Ex- 
ample 3.4 is one that can be obtained in this way. ® 



3.2 Quadratic Residue Difference Sets 

We introduced the concept of quadratic residues in Section 2.4. We now dis- 
cuss quadratic residues in a finite field Tly, where q is an odd prime power. 
The quadratic residues of are the elements in the set 

QR{q) = {z 2 : z G F ? ,z ^ 0}. 

We will also define 

QNRfa) = F,\(QRfa)U{0}). 

The elements of QNR(y) are called the quadratic nonresidues of F^. 

Using the fact that z 2 = (— z) 2 , it is not hard to prove that the mapping 
z 1 — > z 2 is a two-to-one mapping if z G F^\ {0 } and q is odd. From this, it can 
be proven that Q R ( ty ) is a multiplicative subgroup of F I? \{0} having index 
two, and QNRhyj is a coset of QR (q). The following facts can therefore be 
shown as a consequence: 

xy G QR(<y) if x,y G QR (q) 

xy £ QR(q) if x,y G QNR(y) 

xy G QNR(^) if x G QR((y),y G QNR(<y). 

We will now characterize the quadratic residues and nonresidues in a 
different way. We make use of the important fact (which we do not prove) 
that the multiplicative group (F (J \{0} / •) is a cyclic group. A generator of this 
group, say to, is called a primitive element of the field F (; . Clearly, an element 
to G F,j is a primitive element if and only if 

{to 1 '■ 0 < i < q — 2} = F^\{0}. 
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It is obvious that the set 



co 2i : 0 < i < 



is a subset of QR(^). Since 



co 2i : 0 <i< 



q — 3 



q — 3 



<7-1 



= mm. 



we have proven the following result. 

Lemma 3.19. Suppose q is an odd prime power and co is a primitive element in F^. 
Then 

QR (q) = | co 21 : 0 < i < ^ j • 

We now state and prove a useful corollary of Lemma 3.19. In the case 
where q is prime, this result follows from Euler's Criterion. (In fact, Euler's 
Criterion can be shown to hold in any finite field of odd order.) However, we 
give a proof using the facts about finite fields that we have discussed above. 

Corollary 3.20. Suppose q is an odd prime power. Then —1 G QR(<;) if and only if 
q = 1 (mod 4). 

Proof. Let co G F^ be a primitive element, and let 7 = uM~T)l 2 . Now, j 2 = 
ah'? -1 ) = 1 and 7 f 1, so 7 = — 1. The result now follows from Lemma 3.19. 

□ 



It follows that x G QR(^) if and only if — x G QNR(tj) whenever q = 3 
(mod 4) is a prime power. 

Our next result provides an infinite class of difference sets that are called 
quadratic residue difference sets. 

Theorem 3.21 (Quadratic Residue Difference Sets). Suppose q = 3 (mod 4) 

is a prime power. Then QR(^) is a (q,(q — l)/2 ,(q — 3) /4) -difference set in 
(!>-)• 

Proof. Denote D = QR(^). We have already shown that |D| = (q — l)/2. 
Hence, we need only to prove that every nonzero element of F (; occurs (q — 
3) /4 times as a difference of two elements in D. 

For any d G F^\ {0}, define 

a d = \{{x,y) : x,y G D,x~y = d}\. 

Clearly gx — gy = g(x - y ) for all g, x, and 1/, so the number of times any 
given difference d occurs in D is the same as the number of times the differ- 
ence gd occurs in gD, where gD = {gx : x G D}. Suppose that g G QR(^). 
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Then it is easy to see that gD = D, and therefore a d = a gd for all g G QR(^). 
Hence, there exists a constant A such that a d = A for all d G QR (q). 

Now, suppose that d G QNR(^), and let e = —d. We have that —1 G 
QNR(^) from Corollary 3.20, and hence e G QR(q). Observe that a d = a e 
because x — y = d if and only i f y x = e. Therefore it follows that a d = A 
for all d G F i; \{0}, and hence D is a (q, (q - l)/2. A) -difference set. We can 
compute A from the equation A(v — 1) = k(k — 1), which gives A = (q — 3)/4, 
as desired. □ 

Here is an example to illustrate this. 

Example 3.22. An (11,5, 2) -difference set in (Zu,-i). We compute l 2 = 1, 
2 2 = 4, 3 2 = 9, 4 2 = 5, and 5 2 = 3 (where all arithmetic is performed in 
Z] \). Hence, from Theorem 3.21, 

QR(ll) = {1,3, 4,5,9} 

is an (11,5, 2 (-difference set in (Zn,+). S 

We mention two related constructions for difference sets that involve 
quartic residues. For a prime power q = 1 (mod 4), the quartic residues in 
IFq are the elements of the set {z 4 : z G F t; ,z ^ 0}. Equivalently, the quartic 
residues are m 4 ', 0 < i < (q — 5)/4, where to is a primitive element in F (; . 

We state the following two theorems without proof. (The proofs, which 
are difficult, involve the determination of the so-called "cyclotomic num- 
bers" in the finite fields F^.) 

Theorem 3.23. Suppose that p = 4f 2 + 1 is prime and t is an odd integer. Then the 
quartic residues in Zpform a (4 f 2 + 1, f 2 , (f 2 — 1 ) / ^-difference set in (Z p , +). 

Example 3.24. {1,7,9,10,12,16,26,33,34} is a (37, 9, 2)-difference set in the 
group (Z 37 , +) that can be constructed using the theorem above. i 

Theorem 3.25. Suppose that p = 4 f 2 + 9 is prime and t is an odd integer. Then 
the quartic residues in Z p , together with 0, form a (4 f 2 + 9, f 2 + 3, (f 2 + 3)/4)- 
difference set in (Z p , +). 



3.3 Singer Difference Sets 

In this section we present an infinite class of difference sets, called Singer 
difference sets. These difference sets provide another method of constructing 
the projective planes of prime power order that we considered in Section 2.3. 

Theorem 3.26 (Singer Difference Sets). Let qbea prime power. Then there exists 
a (q 2 + q + 1, q + 1, 1 ) -difference set in (Z (?2+?+1 , +). 




3.3 Singer Difference Sets 



53 



Proof. Recall the construction of a symmetric (tj 2 + ^ + l,^ + l,l)-BIBD that 
was given in Section 2.3. V is a three-dimensional vector space over IFy; V\ 
consists of all the one-dimensional subspaces of V ; and the blocks A corre- 
spond to the two-dimensional subspaces of V , which were denoted by V^- 

The finite field F^ 3 is a three-dimensional vector space over lly, so we can 
take V = F 3 . Let w be a primitive element of F 3 , and define a mapping 
/ : V — » V by f(z) = ooz. It is easy to see that f(z + z') = f{z) + f{z') for all 
z,z' G V , and f(cz) = cf(z) for all z G V and all c G ¥ q . It follows that / is 
an F 9 -linear mapping on V, and hence it preserves subspaces of V; i.e., any 
subspace in V, is mapped by / to a subspace in V u i = 1, 2. This implies that 
f induces an automorphism of the resulting (q 2 + q + 1, q + 1, 1)-BIBD. 

F q is a sub field of F 3, and it is not hard to see that 

F, = {a /'7 2 +'7+ 1 > i ‘ : 0 < i < q - 2} U {(0,0,0)}. 

For any subspace W of V, it follows that ff 1 + c l+ 1 (W) = yy. As a consequence, 
it can be seen that / permutes the one-dimensional subspaces of F^ (i.e., 
the elements in the set V\) in a single cycle of length q 2 + q + 1 . Applying 
Theorem 3.16, we conclude that there exists a (q 2 + q + l,q + 1, 1) -difference 
set in (Z 9 2 +9+1 ,+). □ 

We now describe how to carry out the construction of a Singer difference 
set for a projective plane. We use the same notation as in the proof above. The 
points of the projective plane can be denoted as Q (0 < i < q 2 + q), where 



C; = span(a’ ! ), 

0 < i < q 2 + q. Then /(Q) = C i+1 mod q 2 +q , 0<i<q 2 + q. 

Suppose that the field F^ 3 is constructed as F (; [x]/ (g(x)), where g(x) G 
Tgj [ x ] is an irreducible cubic polynomial. Then elements of IF,.- can be repre- 
sented as polynomials in F 1? [x] having degree at most two. 

For j G F 1? , define yj G by the rule co y i = j + x (note that j + x G 

F^ 3 \ { 0 } , and hence it can be expressed in this form in a unique way). Then it 
is easy to see that span(l) = Co and 

span (j + x) = C y . modq 2+i?+1 

for all; G F ? . 

Now, let 

B = span(l, x) = {i + jx : i,j G F 1? }, 
and consider the block Ag. Then we have that 



A b = {span(l)} U {span(; + x) : j G F,} 
= {Q} U {^yy mod q 2 +q+l : j e F <?}- 
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Then the set 

D = {0} U {\jj mod q 2 + q + 1 : ; € F,,} 

is a (q 2 + q + 1 , q + 1 , Indifference set in (Z 2 +I?+ i, +)• 

We do an example to illustrate this. 

Example 3.27. Suppose q =3. The field F 2 7 can be constructed as the quotient 
ring Z 3 [x] / (x 3 + 2x 2 + 1 ) since x 3 + 2x 2 + 1 is irreducible in Z 3 [x] . It turns 
out that co = x is a primitive element in the resulting field F 27 . It is possible 
to compute the powers of co as follows: 



i 


co 1 


i 


co' 


0 


1 


13 


2 


1 


X 


14 


2x 


2 


x 2 


15 


2x 2 


3 


x 2 + 2 


16 


2x 2 + 1 


4 


x 2 + 2x + 2 


17 2x 2 + x + 1 


5 


2x + 2 


18 


x + 1 


6 


2x 2 + 2x 


19 


X 2 + X 


7 


x 2 + 1 


20 


2x 2 + 2 


8 


x 2 T x T 2 


21 2x 2 + 2x + 1 


9 2x 2 + 2x + 2 


22 


X^~ H - X H - 1 


10 


x 2 + 2x + 1 


23 2x 2 + x + 2 


11 


x 2 


24 


2x + 1 


12 


x 2 + 2x 


25 


2x 2 + x 



According to the discussion above, we need only compute the values \jj 
such that co- ! ) = j + x for j = 0,1,2. Referring to the table of values of 
co 1 constructed above, we see that yo = 1, yi = 18, and 1/2 = 11. Then 
D = {0,1,5,11} isa (13,4, Indifference set in Z 13 . I 

Using essentially identical arguments, the following difference sets, cor- 
responding to the projective spaces constructed in Theorem 2.14, can be 
shown to exist. These are also known as Singer difference sets. 

Theorem 3.28 (Singer Difference Sets). Suppose q > 2 is a prime power and 

' j , {pj-, q-i J -difference set in 

(^('7 rf+1 - 1 )/( < 7_ 1 ), +)■ 



3.4 The Multiplier Theorem 

3.4.1 Multipliers of Difference Sets 

In this section, we restrict our attention to Abelian groups. A very useful 
concept in the study of difference sets in Abelian groups is the idea of a mul- 
tiplier, which we define now. 
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Definition 3.29. Let D be a (v, k, \)-difference set in an Abelian group (G, +) of 
order v. For an integer m, define 

mD = {mx : x £ D}, 

where mx is the sum (computed in G) ofm copies ofx. Then m is called a multiplier 
ofD ifmD = D + gfor some g £ G. Also, we say that D is fixed by the multiplier 
m ifmD = D. 

Example 3.30. The set D = {0,1,5,11} isa (13,4, 1) -difference set in (Z 13 , +). 
It is easy to see that 3D = {0, 2, 3, 7} = D + 2, and hence 3 is a multiplier of 
D. 

2D = {0, 2, 9, 10} is a (13, 4, 1) -difference set. Suppose that 2D = D + g for 
some g £ Z 13 . There is a unique occurrence of the difference 1 in D (namely 
1 = 1—0) and a unique occurrence in 2D (namely 1 = 10 — 9). Hence (0, 1) + 
g = (9, 10), which implies g = 9. However, D + 9 = {3, 7, 9, 10} f 2D, so 2 is 
not a multiplier of D. ® 

As another example, any quadratic residue is a multiplier of the differ- 
ence sets of Theorem 3.21. 

We now establish some preliminary results concerning multipliers. 

Lemma 3.31. Suppose that m is a multiplier of a (v,k, A) -difference set D in an 
Abelian group (G, +) of order v. Then gcd (m, v) = 1. 

Proof. Suppose that gcd (m,v) > 1, and let p be a prime divisor of m and 
v. Let d £ G have order p. There must exist x,y £ D such that x — y = d. 
Then mx — my = md = 0. Hence, the set m D contains repeated elements, 
and therefore mD f D + g for any g. Therefore m is not a multiplier of D, a 
contradiction. □ 

Lemma 3.32. Suppose that m is a multiplier of a (v,k, A) -difference set D in an 
Abelian group (G, +) of order v. Define a. : G —> G by the ride a(x) = mx. Then 
a £ Aut(G, Dev(D)). 

Proof. We have that ni D = D + g for some g £ G. Now, consider what hap- 
pens when we apply ft to an arbitrary block of the design (G, Dev(D)): 

a(D + h) = m(D + h) = mD + mh = D + g + mh £ Dev(D). 

Therefore ft maps any block to a block, as required. □ 

An important result known as the "Multiplier Theorem" establishes the 
existence of multipliers in difference sets whose parameters satisfy certain 
arithmetic conditions. (A proof of this result will be given in Section 3.4.3.) 

Theorem 3.33 (Multiplier Theorem). Suppose there exists a ( v,k , \)-difference 
set D in an Abelian group (G, +) of order v. Suppose also that the following four 
conditions are satisfied: 
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1. p is prime, 

2. gcd(p,z;) = 1, 

3. k — A = 0 (mod p), and 

4. p > A. 

Then p is a multiplier ofD. 

Applying the Multiplier Theorem is made easier by the following result. 

Theorem 3.34. Suppose that m is a multiplier of a (v,k. A) -difference set D in an 
Abelian group ( G , +) of order v. Then there exists a translate of D that is fixed by 
the multiplier m. 

Proof. Define a(x) = mx for all x £ G. We proved in Lemma 3.32 that a € 
Aut(G, Dev(D)). Now, a(0) = 0, so a fixes at least one point. By Lemma 3.12, 
a fixes at least one block of Dev(D). In other words, there exists a translate of 
D that is fixed by the multiplier m. □ 

A more general result can be proven in the case where gcd (v, k) = 1. 

Theorem 3.35. Suppose that gcd (k,v) = 1 and there exists a (v ,k, A) -difference 
set D in an Abelian group (G, +) of order v. Then there exists a translate ofD that 
is fixed by every multiplier m. 

Proof. Let 

s = E *■ 

xeD 

It is easy to see that the following equation holds: 

E * = s + kg. (3.3) 

reD+g 

Now suppose that s + kg = s + kh, where g,h £ G and g f h. Then 
k(g — h ) = 0, so the order of g - h divides k. However, in any finite group, 
the order of any element divides the order of the group. Hence, the order of 
g — h divides v. Since gcd(k, v) = 1, it follows that g — h = 0, a contradiction. 

We have shown that the mapping g i — > s + kg is one-to-one. Since this 
is a mapping from G to G, it must be surjective, and therefore there exists a 
unique g £ G such that s + kg = 0. (In the case where G = (Z r , +), it is easy 
to see that g = -s/c~' mod v.) Hence, from equation (3.3), there is a unique 
g £ G such that 

E x = 0 - 

xeD+g 

Now let m be any multiplier of D. Then m is also a multiplier of the translate 
D + g, and we have 

E x = m ■ E x — 0- 

xem(D+g) xeD+g 

Recall that D + g is the unique translate of D whose elements sum to 0. Hence 
m{D + g) = D + g, and the translate D + g is fixed by all multipliers m. □ 
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A difference set (or a translate of a difference set) is said to be normalized 
if the sum of the elements in it is 0. In the proof of Theorem 3.35, we showed 
that there is a unique normalized translate of any (v, k, A)-difference set D in 
an Abelian group of order v when gcd(/c, v) = 1, and this unique normalized 
translate is fixed by all multipliers of D. 

Before proceeding to the proof of Theorem 3.33, we give some examples 
to illustrate the application of the Multiplier Theorem in particular parameter 
situations. 



Example 3.36. We use the Multiplier Theorem to find a (21, 5, Indifference set 
in (Z21, +). Observe that p = 2 satisfies the conditions of Theorem 3.33. 
Hence, 2 is a multiplier of any such difference set. By Theorem 3.34, we can 
assume that there exists a (21, 5, l)-difference set in (Z21, +) that is fixed by 
the multiplier 2. We therefore compute the orbits of Z21 formed by multipli- 
cation by 2. (These are in fact the cycles in the disjoint cycle representation 
of the permutation of Z21 defined by the mapping x 1— > 2x mod 21). These 
cycles (or orbits) are as follows: 

( 0 ) 

(1 248 16 11) 

(3 6 12) 

(5 10 20 19 17 3) 

(7 14) 

(9 18 15). 

The difference set we are looking for must consist of a union of orbits in the 
list above. Since the difference set has size five, it must be the union of one 
orbit of length two and one of length three. There are two possible ways to 
do this, both of which happen to produce difference sets: 

{3,6,7,12,14} 



and 

{7,9,14,15,18}. 



I 



Example 3.37. We use the Multiplier Theorem to investigate the existence of 
(31, 10, 3) -difference sets in (Z31, +). It is easily seen that p = 7 satisfies the 
conditions of Theorem 3.33, so 7 will be a multiplier of any such difference 
set. By Theorem 3.34, we can assume that there exists a (31, 10, 3) -difference 
set in (Z31, +) that is fixed by the multiplier 7. As in the previous example, 
we need to consider the orbits of Z31 under multiplication by 7. Of course 
(0) is one orbit. Let us consider the orbit containing "1". It is as follows: 



(1 7 18 2 14 5 4 28 10 8 25 20 16 19 9). 
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This orbit has length 15, and it is straightforward to verify that there is exactly 
one other orbit, also having length 15. Clearly there is no way to find a union 
of orbits having cardinality k = 10. We conclude that there is no (31, 10, 3)- 
diff erence set in (Z31 , + ) . I 

Example 3.38. We establish a result about ( n 2 + n + 1, n + 1, Indifference sets. 
Suppose that n = 0 (mod 6). Then p 2 and p = 3 both satisfy the con- 
ditions of Theorem 3.33, so they are both multipliers. Using the fact that 
n 2 + n + 1 = n(n + 1) + 1, it follows that gcd(n 2 + n + l,n + 1) =1. Hence, 
by Theorem 3.35, we can assume that there exists an ( n 2 + n + 1, n + 1, 1)- 
diff erence set, say D, that is fixed by both of the multipliers 2 and 3. Let 
x £ D, x n 0. Then 2x, 3x £ D. Clearly x ^ 2x 7^ 3x ^ 1. Now, if we com- 
pute 2x — x = 3x — 2x = x, we see that the difference x occurs twice in D. 
This is not allowed because A = 1, and we have a contradiction. We conclude 
that there is no ( n 2 + n + 1, n + 1, 1 (-difference set when n = 0 (mod 6). I 

3.4.2 The Group Ring 

The proof of the Multiplier Theorem uses an algebraic structure called a 
group ring. Let (G, +) be an Abelian group. The group ring Z[G] consists 
of all formal sums of the form 



E a s xS ' 

geG 



where a g £ Z for all g £ G, and x is an indeterminate. Informally, an element 
of the Z[G] looks like a polynomial in the indeterminate x having integer 
coefficients, except that the exponents are elements in the group G rather 
than nonnegative integers. 

If _ 

«(*) = E a 8 x8 



and 



geG 

b(x) = Y2 b g x s , 
geG 



then we can define the sum of a(x) and b(x ) to be 

(« + &)(*) = E ( a g + b g) x8 - 

geG 



The product of a(x) and b(x) is defined to be 

(«•&)(*) = E E ( a g b h) x8+H - 

gEG /zeG 

Thus we compute sums and products of elements of the group ring using the 
same formulas that are used to compute sums and products of polynomials. 
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With these operations, it is not hard to see that the group ring Z [G] is indeed 
a ring. 

Sometimes we will also make use of the group ring Z p [G] . This is defined 
in the same way as Z [G], except that the coefficients are elements of Z p . 
Suppose that a(x),b(x) € Z[G], a(x) = E a g x s , and b(x) = b g x%. Then we 
write a(x) = b(x) (mod p ) if a g = bg (mod p) for all g € G. 

We need to define some more notation. Recall that, for a positive integer 
m and any g £ G, mg is the nz-fold sum of g. For any a(x) = J^a g x s , define 

a{x m ) = J2 “ S x mS > 
geG 

a(x _1 ) = Y] a gX~ s , and 
geG 

fl (!) = E a g- 

geG 

Finally, define 

G(x) = X s , 
geG 

and for a difference set D in G, define 

D(x) = Yj xS - 

geD 

We now present some easy preliminary lemmas concerning difference 
sets and the group ring. 

Lemma 3.39. Suppose D is a (v, k, A)-difference set in an Abelian group G. Then 
D(x)D(x~ 1 ) = AG(x) + (k — A)x°. 

Proof. We have that 

D(x)D(x~ 1 ) = Y x8 ~ h 
g,he D 

= Y 

deG 



where 

x d = \{(g,h) GDxD :g-h = d}\. 

Clearly 

\k if d = 0 
‘ Xd ~[A if d ^0 

because D is a difference set. Therefore D(x)D(x~ 1 ) = AG(x) + (k — A)x°, as 
required. □ 
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Lemma 3.40. Suppose a(x) £ Z[G\. Then 

a(x)G(x) = a(l)G(x). 

Proof. We have that 

a(x)G(x) = Y2 a g xS+h 

g'heG 

= E E a S ) *'/ where g + h = i 

ieG \geG ) 

= E fl ( 1 ) j! 

ieG 

= a(l)G(x), 

as desired. 



□ 



Lemma 3.41. Suppose p is prime and a(x) £ Z[G]. Then 

(a(x)Y = a{x p ) (mod p). (3.4) 

Proof. We prove that (3.4) holds by induction on the number of nonzero coef- 
ficients in a(x). Suppose that a(x) has no nonzero coefficients; then a(x) = 0 
and (3.4) is trivially true. If a(x) has one nonzero coefficient, then a(x) = a g x8 
for some a g y 0. Then, in Z p [x], we have that 

(a(x)Y = (a g x s Y 
= agW* 

= a g x™ 

= a(x p ). 



where we use the fact that a g P = a g (mod p) if a g £ Z p . 

Now, as an induction assumption, assume that (3.4) holds when a(x) has 
at most i nonzero coefficients for some integer i > 1. Suppose that a(x) has 
exactly i + 1 nonzero coefficients. We can express a(x) in the form a(x) = 
fl,(x) + a g x g , where afx) has exactly i nonzero coefficients and a g y 0. Then 
we compute in Z p [x] as follows: 



(«(*)) P 



(«,-(*) + a g x s Y 

{afx)y + E {aiixmagjy-* + (“ g x g y 

j = l V// 

(ai(x)y + ( a g x s ) v because =0 (mod p) for 1 < j < p - 1 

a l {x p ) + a g x p % by induction 
a(x p ). 



By induction, (3.4) holds for all a(x) £ Z[G]. 



□ 
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If D is a (v,k, A) -difference set and m is a positive integer such that 
gcd(/«, v) = 1, then it is not hard to prove that mD is also a (v, k, A)-difference 
set. The next lemma uses this fact and is proven in a fashion similar to Lemma 
3.39. We leave the details for the reader. 

Lemma 3.42. Suppose D is a (v, k, A)-difference set in an Abelian group G. Suppose 
that m is a positive integer such that gcd (m, v) = 1. Then 

D(x m )D(x~ m ) = A G(x) + (k- A)x°. 



3.4.3 Proof of the Multiplier Theorem 

In this section, we present the proof of the Multiplier Theorem. For conve- 
nience, we restate the theorem now. 

Theorem 3.43 (Multiplier Theorem). Suppose there exists a ( v,k,A)-difference 
set D in an Abelian group (G, +) of order v. Suppose also that the following four 
conditions are satisfied: 

1. p is prime, 

2. gcd (p,v) = 1, 

3. k — A = 0 (mod p), and 

4. p > A. 

Then p is a multiplier ofD. 

Proof. We begin by computing the product D(x p )D(x~ 1 ) in Z p [G]: 

D(xf)D(x~ 1 ) = (D(x)yD(x~ 1 ) by Lemma 3.41 

= (D(x))P~ 1 D(x)D(x~ 1 ) 

= (D(x)) p ~ 1 (AG(x) + (k — A)x°) by Lemma 3.39 
= A kf~ 1 G(x) + (k — A )(D(x)Y~ 1 by Lemma 3.40 
= AJfcP _1 G(*) 

= A G{x), 

where we use the facts that D(l) = k, k = A (mod p), and AAT -1 = A p = A 
(mod p). Define 

S(x) = D(x p )D(x~ 1 ) - A G(x). (3.5) 

We have proven that S(x) = 0 (mod p); therefore all coefficients of S are 
divisible by p. Clearly, all coefficients of D(xP)D(x -1 ) are nonnegative, so 
it follows that all coefficients of S(x) are greater than or equal to —A. We 
assumed that p > A, so it must be the case that all coefficients of S(x) are 
nonnegative. 

We now compute S(x)S(x -1 ): 
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S(x)S(x -1 ) = (D(x p )D(x~ 1 ) - AG(x))(D(x~ p )D(x) - AG(x -1 )) 

= (D(x p )D(x~ 1 ) - A G{x)){D(x~ p )D(x) - A G(x)) 

= D(x p )D(x~ r> )D(x)D(x~ 1 ) + A 2 (G(x)) 2 

- AG(x)(D(x p )D(x~ J ) + D(x~ p )D(x)). 

Applying Lemmas 3.39, 3.40, and 3.42 and using the fact that G(l) = v, we 
see that 

D(x p )D(x~ p )D(x)D(x~ 1 ) = (AG(x) + (k - A)x 0 ) 2 

= A 2 (G(x)) 2 + 2(k - A)AG(x) + (k- A) 2 x° 

= A 2 vG(x) + 2 (k — A)AG(x) + (k — A) 2 x°. 



Similarly, we have that 

—A G(x)(D(x p )D(x~ 1 ) + D(x~ p )D(x)) +A 2 (G(x)) 2 = — 2A k 2 G(x) +A 2 vG(x). 
Combining everything, we have 

S(x)S(x -1 ) = (A 2 v + 2(k — A) A — 2A k 2 + A 2 v)G(x) + (k — A) 2 x°. 

The coefficient of G(x) can be simplified, as follows: 

A 2 v + 2 (k — A) A — 2A k 2 + A 2 v = 2A(Av + k — A — k 2 ) =0. 



Hence, we have that 

S(x)S(x -1 ) = (k — A) 2 x°. 

Let 

S(x) = s s xS - 

geG 

We have shown above that s g > 0 for all g £ G. Suppose that there exist 
g,li £ G, g ^ h, such that s g > 0 and s;, > 0. Then the coefficient of x s ~ h 
in S(x)S(x -1 ) is at least SgS^, which is greater than 0. This is a contradiction. 
Hence S(x) = s g x8 for some g £ G. Then 

S(x)S(x -1 ) = (sgX^)(sgX - ^) = (sg) 2 x°. 

Therefore (s^) 2 = (k — A) 2 , and since s g > 0, it must be the case that s g = k — 
A. Hence we have proven that S(x) = (k — A)x" for some g £ G. Substituting 
into (3.5), we see that 

D(x p )D(x~ 1 ) = (k — A)x s + AG(x). 

Now multiply both sides of this equation by D(x): 

D(x p )D(x)D(x~ 1 ) = D(x)((k - A)x% + AG(x)), 
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which can be simplified, using Lemmas 3.39 and 3.40, as follows: 

D(x p )(AG(x) + (k — A)x°) = D(x)(k — A)x 8 + A kG(x) 

A kG(x) + (k — A )D(x p ) = D(x)(k — A)x 8 + AkG(x) 

(k — A)D(x p ) = D(x)(k — A)x 8 
D(x p ) = x 8 D(x). 

Therefore pD = D + g, and we have shown that p is a multiplier of D, as 
desired. □ 

One important conjecture about the Multiplier Theorem concerns the re- 
quirement that p > A. This assumption certainly is used in the proof of The- 
orem 3.33. However, there is no known example of a difference set D and a 
prime p that satisfies the first three conditions of Theorem 3.33, where p is 
not a multiplier of D. Therefore many people have conjectured that the Mul- 
tiplier Theorem is true for all primes p satisfying the first three conditions of 
Theorem 3.33. This conjecture has not been proven, however. 



3.5 Difference Families 

We begin by generalizing the definition of a difference set to an object called 
a difference family. 

Definition 3.44. Suppose (G, +) is a finite group of order v in which the iden- 
tity element is denoted "0". Let k and A be positive integers such that 2 < k < 
v. A (v,k. A) -difference family in (G, +) is a collection of subsets of G, say 
[Di, . . . , D(\, such that the following properties are satisfied: 

1. | D,- 1 = k for all i, 1 < i < t, 

2. the multiset union 

l 

U l x ~y : X ' l J e D ir X^y] 

i = 1 

contains every element in G\{0} exactly A times. 

Example 3.45. A (13, 3, 1) -difference family in (Z 13 , +): 

{{0,1,4}, {0,2,8}}. 

The differences obtained from the first block are 1, 3,4, 9, 10, and 12, and the 
differences obtained from the second block are 2, 5, 6 , 7, 8 , and 1 1 . Therefore 
we obtain every nonzero difference exactly once. ® 

It is not hard to show that £ = A(v — 1 ) / (k 2 — k) if a (v, k, A)-difference 
family [Dj, . . . , D / j exists. Because £ is required to be an integer, it must be 
the case that A(v — 1 ) = 0 (mod k 2 — k) if a (v, k, A)-difference family exists. 
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Given a (v, k, A)-difference family in (G, +), we define Dev(Dj, . . . , D/ j to 
be the collection formed by taking all the blocks in Dev(D;), 1 < i < l. The 
following result generalizes Theorems 3.8 and 3.10. 

Theorem 3.46. Suppose Dj, . . . , D/ is a (v, k, A) -difference family in the Abelian 
group (G, +). Then (G, Dev(Di, . . . , Df)) isa(v,k, A)-BIBD, and Aut(G, Dev(D)) 
contains a subgroup G that is isomorphic to G. 

Now we consider the converse of Theorem 3.46. In the case of difference 
sets, we proved Theorem 3.17, which says that a symmetric BIBD in which 
the automorphism group has a sharply transitive subgroup implies the exis- 
tence of a difference set in that subgroup. This theorem does not generalize 
completely to difference families due to the existence of so-called short or- 
bits. We define and examine these objects now, using some of the concepts 
and terminology introduced in Section 1.4.1. 

Let H be a subgroup of the symmetric group S v acting on the elements of 
the c-set X. Let A be a subset of X having cardinality k, and let orbit(A) be 
the orbit of A under H. Define 

stab(A) = {a G H : ct{A) = A}; 

stab(A) is called the stabilizer of A. It is easy to see that stab(A) is a subgroup 
of H. 

We have the following result. 

Lemma 3.47. Let Hbea subgroup of the symmetric group S v acting on the elements 
of the v-set X, and suppose A C X. Then |orbit(A)| = |H|/|stab(A)|. Further- 
more, ifH is sharply transitive and ifgcd(\A\,v) = 1, then |orbit(A)| = v. 

Proof. For every A' G orbit(A), define H A i = {a G H : k(A) = A'}. 
Then H A = stab(A), and every H A > is a coset of H A . Since the cosets of 
the subgroup H A all have the same size and partition H, it follows that 
|orbit(A)| = |H|/|stab(A)|. 

Now assume that H is sharply transitive; then \H\ = v. We will prove 
that |A| = 0 (mod |stab(A)|). Then, because v = 0 (mod |stab(A)|) and 
gcd(|A|,i;) = 1, it must be the case that |stab(A)| = 1 and hence |orbit(A)| = 
v. 

So, we need to prove that \A\ =0 (mod |stab(A)|).Foreverya € stab(A), 
define a A to be the permutation a restricted to the points in A. The set of 
permutations stab(A ) J 4 = {a A : a G stab(A)} is a permutation group acting 
on A. Note that a A f a' A if ft f a' because H is sharply transitive, and 
therefore |stab(A)^| = |stab(A)|. 

We now apply the Cauchy-Frobenius-Burnside Lemma to the group 
stab(A)^. We have that fix(id) = \A\, where id is the identity permutation 
in stab(A)^. For any a A G stab(A)^, a. A id, it must be the case that 
fix(a^) = 0; this follows from the fact that H is sharply transitive. Us- 
ing Lemma 1.25, we compute the number of orbits of A under the group 
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stab(A) J 4 to be |A|/|stab(A)|. This number, being the number of orbits of A, 
must be an integer, so the proof is now complete. □ 

Suppose that (G, +) is a finite group and A C G, where |G| = v and |A| = 
k. Let orbit(A) denote the orbit of A under the permutation representation 
of G. Then it is easy to see that orbit(A) consists of all the distinct blocks 
in Dev(A). Equivalently, Dev(A) is formed by taking z>/|stab(A)| copies of 
every block in orbit(A). 

We illustrate the results above in the following example. 

Example 3.48. Consider the group G = (Zy, +). The permutation representa- 
tion of G is as follows: 

g g 

0 (0) (1) (2) (3) (4) (5) (6) (7) (8) 

1 (0 1 23456 78) 

2 (0 2468135 7) 

3 (0 3 6)(1 4 7) (2 5 8) 

4 (0 4837261 5) 

5 (0 5162738 4) 

6 (0 6 3)(1 7 4) (2 8 5) 

7 (0 7531864 2) 

8 (0 8765432 1) 

It is straightforward to verify that stab({0, 3, 6}) = {0, 3, 6}, or equivalently, 

{0,3,6} = {0,3,6} +3 = {0,3, 6} + 6. 

The orbit of the subset {0, 3, 6} has cardinality three: 

orbit({0, 3,6}) = {{0,3,6}, {1,4, 7}, {2,5,8}}. 

Dev({0,3, 6}) consists of three copies of each block in orbit({0, 3, 6}). I 

The following is an immediate corollary of Lemma 3.47. 

Theorem 3.49. Suppose that (G, +) is a finite group and A C G. Suppose that 
| G | = v and |A| = k, where gcd(k, v) = 1. Then Dev(A) = orbit(A). 

We now state a partial converse to Theorem 3.46. This result can be 
proven in much the same way as Theorem 3.16 (and the more general Theo- 
rem 3.17). Note that Theorem 3.49 ensures that there are no short orbits when 
gcd(k,z;) = 1; in the case of difference sets, we proved a similar result as a 
consequence of Theorem 3.14 without requiring that k and v be relatively 
prime. 

Theorem 3.50. Suppose that gcd (k,v) = 1 and (. X,A ) is a (v,k, A)-BIBD in 
which G is a sharply transitive subgroup of Aut(X, A). Then there is a (v,k, A)- 
dijference family in the group (G, o). 
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Theorem 3.50 is not true when gcd (k, v) > 1, as the next example demon- 
strates. 

Example 3.51. It is trivial to see that there is no (15, 3,1) -difference family 
(such a difference family would consist of 8/3 blocks, which is not an inte- 
ger). However, it is not difficult to construct a (15, 3, 1 )-BIBD in which the au- 
tomorphism group contains (Z 15 , +) as a sharply transitive subgroup. Such 
a BIBD can be described succinctly by taking the orbits of the three blocks 
{0,5, 10}, {0, 1,4}, and {0,2,8} under the group generated by the permuta- 
tion (0 1 • • • 14) (this is just the permutation representation of Z^). The 35 
blocks in this BIBD consist of two orbits of size 15 and one short orbit of size 
5 I 



3.6 A Construction for Difference Families 

In this section, we present a simple yet powerful construction for difference 
families in finite fields that is due to Wilson. We first define some notation 
and record a couple of simple preliminary results. 

For any two multisets A, B whose elements are from a finite field IF, ; , de- 
fine 

A o B = [ab : a £ A,b £ B], 

For a positive integer r and a multiset A, define 

r 

rA = A. 

i= 1 

Also, for any set A C F r/ , define the multiset 

A(A) = [a — a' : a, a' £ A, a ytz a']. 

Suppose that q is a prime power and let wbea primitive element of F^. 
For any integer f dividing q — 1, denote e = (q — 1) // and define 

H = {co ei : 0 < i < f- 1}. 

H is a subgroup of the multiplicative group (F 1 ? \{0},-) having order /. De- 
note the cosets of H by Hq, . . . , H e _ where Hj = co 1 H, 0 < j < e - 1. 

The following lemma, which we state without proof, will be useful. 

Lemma 3.52. For all H as defined above, it holds that 

A (H) = [co ei - 1 : 1 < i < f - 1] o H. 

Furthermore, iff is odd, it holds that 



A (H) = [1, —1] o [tv ei — 1 : 1 < i < (/ — l)/2] o H. 
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Here is a quite general construction for difference families in finite fields. 

Theorem 3.53. Let k > 2 and A > 1 be integers such that k divides 2A or k — 1 
divides 2A. Suppose that q is a prime power such that A (q — 1) = 0 (mod k 1 — k). 
Then there exists a (q,k, X)-difference family in (F^, +). 

Proof. Let co, e, f, and H be as defined above. Denote the cosets of H by 
Ho , . . . , H e _ i, where Hj = a TH, 0 < / < e — 1. 

We now consider four cases separately. 

Case 1: A = k — 1 

Let f = k. We show that 

[H 0 ,...,H e -i] 

is the desired difference family. Using Lemma 3.52, it is easy to see that 
A {Hi) = [x - 1 : x e H,x j- 1] o H { 
for 0 < i < e — 1. Then the multiset union of the A(H,)'s is seen to be 



e — 1 e—1 

U A (Hi) = U ^- 1 : 

i= 0 i= 0 

/e - 1 

= [co ei - 1 : 1 < i < f - 1] O MJ Hi 

\i = 0 

= [<n ei — 1 : 1 < i < /-l]o(F,\{0}) 

= (/-l)(F (? \{0}). 

Case 2: A = k 

Let f = k — 1 . We show that 

[H 0 U{0},...,H e _ 1 U{0}] 

is the desired difference family. First, we have that 

A(H; U {0}) = ([1, —1,] U [co ei — 1 : 1 < i<f-l])oH it 

0 < i < e — 1. The rest of the proof proceeds as in Case 1; here we have 
that the multiset union of the sets A(H, U {0}) is (/ + 1)(F^\{0}). 

Case 3: k is odd and A = (k - l)/2 

Let f = k. Note that q = 1 (mod 2k), so q is odd. q — 1 = ef and / is odd, 
so e must be even. We show that 



[Ho H f _ a ] 

is the desired difference family. Applying Lemma 3.52, we have that 




68 



3 Difference Sets and Automorphisms 



A (Hi) = [1,-1] o [w ei -1:1 <i<(f- l)/2] o H f 

for 0 < i < e/2 — 1. Now, using the facts that — 1 = co e ^ 2 , e is even, and 
/ is odd, it follows that —1 £ Hi. Therefore it holds that 

[— 1] o Hi = He 



which implies that 



A (H f ) = [cv ei - 1 : 1 <*<(/ - l)/2] o (Hf U H, +i ), 

0 < i < e/2 — 1. Now, it is easy to see that the multiset union of the 
relevant A(H,)'s is 

U A(H,) = jj [o;« - 1 : 1 < i < (/ - l)/ 2 ] o (H f U 

i=0 i=0 

( --1 

U (HiUHe +i ) 
i=0 

= ^(F,\{0})- 

Case 4: k is even and A = k/2 

Let f = k — 1; then t; is odd and e is even, and 

[«oU{0} h h u{0}] 

is the desired difference family. (The proof, which uses ideas from Case 2 
and Case 3, is omitted.) 

The four cases discussed above are sufficient to cover all possibilities. This 
is seen as follows. First, suppose that k divides 2A. Then A = s/c/2, where s 
is an integer. If k is even, then we can take s copies of the difference family 
constructed in Case 4. If k is odd, then s must be even, and we can take s/2 
copies of the difference family constructed in Case 2. 

If A: — 1 divides 2 A, the analysis is similar. Write A = s (7c — 1) /2, where s is 
an integer. If A: — 1 is even, then we can take s copies of the difference family 
constructed in Case 3. If k — 1 is odd, then s must be even, and we can take 
s/2 copies of the difference family constructed in Case 1. □ 

Example 3.54. We construct a (19,4, 2)-difference family using Theorem 3.53. 
Note that the necessary conditions are satisfied, and we use the construction 
given in Case 4. We have k = 4, / = 3, and e = 6 . a; : 2 is a primitive element 
in Z 19 , and the H/s are as follows: 
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H 0 = {1,7,11} 

Hi = {2,14,3} 

H 2 = {4,6,9} 

H 3 = {8,18,12} 

H 4 = {16,17,5} 

H 5 = {13,15,10}. 

The (19, 4, 2 (-difference family is 

[{0,1, 7, 11}, {0,2, 3, 14}, {0,4, 6, 9}]. 



Example 3.55. We construct a (16, 3, 2)-difference family using Theorem 3.53. 
The necessary conditions are satisfied, and we use the construction given in 
Case 1. We have k = 3, / = 3, and e = 5. to = x is a primitive element in 
Fi6 = Z 2 [x]/(x 4 + x + 1), and the H,'s are as follows: 

Ho = {1, x 2 + x,x 2 + x + 1} 

Hi = {x, x 3 + x 2 , x 3 + x 2 + x} 

H 2 = {x 2 , x 3 + x + 1, x 3 + x 2 + x + 1 } 

H 3 = {x 3 , x 2 + l,x 3 + x 2 + 1} 

H 4 = {x -4- 1, x 3 4- x, x 3 T 1}. 

The (16, 3, 2)-difference family (written in the additive group (Z 2 ) 4 ) is 



[{0001,0110, 0111}, {0010, 1100, 1110}, {0100, 1011, 1111}, 

{ 1000 , 0101 , 1101 }, { 0011 , 1010 , 1001 }]. 



I 



3.7 Notes and References 

There is a huge amount of literature on difference sets. The first comprehen- 
sive treatise on this topic was the 1971 monograph by Baumert [5]. Good 
starting points to learn more recent results include the 1992 survey by Jung- 
nickel [65] and Chapter 6 of Beth, Jungnickel, and Lenz [9]. Difference fami- 
lies are discussed thoroughly in Chapter 7 of [9]. 

Quadratic residue difference sets are also known as Paley difference sets 
and were first constructed in Paley [83]. Singer difference sets were described 
in [96]. 

The concept of a multiplier was introduced by Hall [52], The Multiplier 
Theorem is due to Hall and Ryser [55]. Bruck [17] is another important early 
paper on this toopic. 

Theorem 3.53 is due to Wilson [117]. 
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3.8 Exercises 

3.1 Give a direct combinatorial proof that the complement of a (v,k, A(- 
difference set is a difference set, and determine its parameters. 

3.2 Construct the following difference sets. 

(a) A (27, 13, 6) -difference set in (F27, +). 

Note: F27 can be constructed as Z3[x]/(x 3 + lx 2 + 1). 

(b) A (101, 25, 6 (-difference set in (Z101, +). 

(c) A (109, 28, 7) -difference set in (Zjq 9, +)• 

3.3 Use Singer's Theorem to construct a (31, 6, 1) -difference set in (Z31, +). 
In order to do this, you need to construct the field F125. IT 1 25 = 
Z5 [x] / (pc’ + x 2 + 2), and x is a primitive element of F125 in this rep- 
resentation. 

3.4 Suppose that m\ and 111 7 are both multipliers of a difference set D. 
Prove that 111-71112 is also a multiplier of D. 

3.5 Give a complete proof of Lemma 3.42. 

3.6 (a) Show that a (21, 5, 1 (-difference set in (Z2i,+) must have the 

integer m = 2 as a multiplier. 

(b) Determine all (21, 5, 1) -difference sets in (Z21, +) that are fixed 
by the multiplier m = 2. 

(c) How many translates of any (21, 5, 1) -difference set in (Z21, +) 
are fixed by the multiplier m = 2? Explain briefly. 

3.7 Use the Multiplier Theorem to find all (31,6,1) difference sets in 
(Z31, +) that contain the point "1". 

3.8 Prove that there is no (56, 11, 2) difference set in (Z56, +). 

Hint: At some point in the proof, it may be helpful to consider differ- 
ences in Z56 that are divisible by 7. 

3.9 Prove that there do not exist (ri 2 + n + 1, n + 1, 1) difference sets for 
n = 10, 14. 

3.10 {01,02,03, 10,20,30} is a (16, 6, 2 (-difference set in (Z4 x Z4, +). How 
many normalized translates does this difference set have? 

Note: This question has a short solution that does not involve checking 
all the translates. 

3.11 (a) Prove there does not exist a (25, 9, 3 (-difference set in (Z25, +) 

having a multiplier m = 2. 

(b) Prove that there does not exist a (25, 9, 3 (-difference set in (Z5 x 
Z5, +) having a multiplier m = 2. 

3.12 Find all ( 15, 7, 3)-difference sets in ( Z j 5 , +) that are fixed by the multi- 
plier m = 2. 

3.13 Give a complete proof of Lemma 3.52. 

3.14 Construct difference families with the following parameters: 

(a) (29,5,5). 

(b) (31,5,2). 

(c) (41,6,3). 

(d) (43,6,5). 
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3.15 Let v be odd. A difference triple modulo v is a subset of three integers 

{x,y,z} C —^—1 , 



where x < y < z, such that x + y = z or x + y + z = 0 (mod v) . 
Suppose v = 1 (mod 6). A set of t - |_§ j difference triples, say T = 

{Ti, . . . , Tf}, is denoted as an HDP(z;) provided that 




Remark: H DP is an abbreviation for Heffter's Difference Problem. 

(a) Suppose that T = {Ti, . . .,Tf} is an HDP(o). For every Ti = 
{x ir yi,Zi}, define D,- = {0, x„ X; + y,}, where x, < y, < z,-. Prove 
that {Dj, . . . , Df} is a (ly 3, 1) -difference family in (Z„, +). 

(b) By trial and error, construct HDP(z>j for v = 7, 13, 19, and 25. 
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4.1 Hadamard Matrices 



Definition 4.1. A Hadamard matrix of order n is an n x n matrix H in which 
every entry is ±1 such that HH T = nl n . 

It is trivial to see that (1) and (—1) are both Hadamard matrices of order 
1. In the next examples, we present Hadamard matrices of orders 2 and 4. 

Example 4.2. The following matrix is a Hadamard matrix of order 2: 



I 



Example 4.3. The following matrix is a Hadamard matrix of order 4: 

/I 1 1 1\ 

1-1 1-1 
1 1 - 1-1 ' 

\ 1 —1—1 1/ 

I 

Observe that we can multiply all the entries in any row (or column) of 
a Hadamard matrix by —1 and the result is again a Hadamard matrix. By 
a sequence of multiplications of this type, we can transform any Hadamard 
matrix into a Hadamard matrix in which every entry in the first row or col- 
umn is a "1". Such a Hadamard matrix is called standardized. 

Let the rows of a Hadamard matrix of order n be denoted r ( , 1 < i < n. 
The 0', /) -entry of HH T is in fact r, • r ( , where denotes the usual inner 
product of real vectors. Hence, it follows from the definition of a Hadamard 
matrix that r, ■ rj = 0 if i ^ j. 
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We have seen Hadamard matrices of orders 1, 2, and 4. The following 
result provides a necessary condition for the existence of a Hadamard matrix 
of order n. 

Theorem 4.4. If there exists a Hadamard matrix of order n > 2, then n = 0 
(mod 4). 

Proof. Suppose without loss of generality that H = (h h j) is a standardized 
Hadamard matrix of order n > 2. For 1 < i < n, let r, denote the zth row of 
H. Since ri consists of n "l"s and ?q ■ r, = 0 if i > 2, it follows that any row r, 
(where 2 < i < n) contains n/1 "l"s and n/2 l"s. Hence, n is even. 

Define 

« = I {)■ h 2 ,j = h 3/j = 1} |, 
b = \{j ■■ h 2 ,j = 1 ,h 3/j = -1}|, 

c = |0' : h 2/ j = -1, h 3 j = 1} |, and 
d = 10 : h 2rj = h 3/ j = -1}|. 

Then we have the following equations: 

a + b + c + d = n 
a + b - c — d = 0 
a — b + c — d = 0 
a -b — c + d = 0 

This system has the unique solution 

n 

a = b = c = d= —. 

4 

Since a, b, c, and d are integers, it must be the case that n = 0 (mod 4). □ 

It is a famous open conjecture, first stated by Jacques Hadamard in 1893, 
that there exists a Hadamard matrix of every order n = 0 (mod 4) . In fact, the 
smallest order n = 0 (mod 4) for which a Hadamard matrix is not currently 
known to exist is n = 428. 



since r\ ■ r 2 = 0 
since r\ ■ r 3 = 0 
since r 2 ■ r 3 = 0. 



4.2 An Equivalence Between Hadamard Matrices and BIBDs 

In this section, we show a connection between Hadamard matrices and cer- 
tain symmetric BIBDs. 

Theorem 4.5. Suppose m > 1. Then there exists a Hadamard matrix of order 4 m if 
and only if there exists a (symmetric) (4m — 1,2m — l,m — lj-BIBD. 
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Proof. Suppose H is a standardized Hadamard matrix of order n = Am. Let 
M be formed by deleting the first row and column of H and then replacing 
every "—1" entry by "0". 

Since every row r,- (2 < i < n) of H contains 2 m "l"s (as in the proof 
of Theorem 4.4), it follows that every row of M contains 2m — 1 "l"s. Fur- 
ther, the inner product of two rows of M is m — 1 (using the fact, proven in 
Theorem 4.4, that a = n/A = m). Hence, 

MM T = (rn - 1 ) 74m— 1 + 

Now, since HH T = (4 m)f 4m , we have that H _1 = -^H T , and hence H T = 
4mH _1 . Then we have that 

H t H = (Am)H~ 1 H = (Am) I^m, 

so H t is a Hadamard matrix. Note that H T is standardized since H is stan- 
dardized. Hence, every row of H T (except the first) contains 2m "l"s. This 
implies that every column of H (except the first) contains 2m "l"s, and thus 
every column of M contains 2m — 1 "l"s. Therefore, 



u 4m _iM = (2m - l)u 4w _i. 



Applying Theorem 1.13, we see that M is the incidence matrix of a (symmet- 
ric) (Am — 1,2m — 1, m — 1)-BIBD. 

Conversely, suppose that M is the incidence matrix of a symmetric (4m — 
1, 2m — 1, in 1 )-BIBD. Construct Hby changing every "0" entry to "—1" and 
then adjoining a new row and column of "l"s. 

Let 1 < i < Am. Then the (i, i)-entry of HH T is Am since every entry of H 
is ±1. Suppose that 1 </'</' < Am. The (/, / j-entry of HH T is computed to 
be 



1 + A — (r — A) — (r — A) + (i> — 2r + A) = 1 + (m — 1) — m — m + m = 0. 

Hence, it follows that HH T = (Am) f 4 ,„, and therefore H is a Hadamard ma- 
trix of order Am. □ 

Example 4.6. We presented a (7, 3, 1 )-B I BD in Example 1.3. This BIBD has the 
following incidence matrix: 

/I 1 1 0 0 0 0\ 

1001100 
1000011 
0101010 . 

0100101 
0011001 
\001 01 10 / 
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If we substitute 0 — > — 1 and add a row and column of "l"s, then we get the 
following Hadamard matrix of order 8: 

/I 1 1 1 1 1 1 1\ 

1 1 1 1 -1 -1 -1 -1 
1 1-1-1 1 1-1-1 
1 1 -1 -1 -1 -1 1 1 
1-1 1-1 1-1 1-1 ' 

1-1 1 - 1-1 1-1 1 

1 - 1-1 1 1 - 1-1 1 

\ 1 — 1 — 1 1-1 1 1 - 1 / 

I 

The following result is an immediate consequence of Theorems 3.8, 3.21, 
and 4.5. 

Corollary 4.7. There exists a Hadamard matrix of order 4 m if Am — 1 is a prime 
power. 

Given a symmetric BIBD, we can construct residual and derived BIBDs. 
We therefore have the following immediate consequence of Theorems 4.5 
and 2.7. 

Theorem 4.8. Suppose there is a Hadamard matrix of order Am. If m > 3, then there 
exists a (2 m — 1, m — 1, m — 2)-BIBD; ifm > 2, then there exists a (2m, m, m — 1)- 

BIBD. 



4.3 Conference Matrices and Hadamard Matrices 

In this section, we describe another construction for Hadamard matrices, 
which will provide a Hadamard matrix of order 2q + 2 whenever q = 1 
(mod 4) is a prime power. We need to define some new concepts before giv- 
ing the construction. 

For an odd prime power q, define the function Xq '■ h,/ — » {—1,0, 1} as 
follows: 

( 0 if x = 0 

Xq(x) = < 1 if x G QR (q) 

{ -1 if x G QNR (q). 

The function Xq is called the quadratic character in the finite field F ? . Observe 
that Corollary 3.20 states that ^ (? (— 1) = — lit q = 3 (mod 4), and Xq(~ 1) = 1 
if q = 1 (mod 4). We will make use of this fact a bit later. Another impor- 
tant fact about the quadratic character is that it is a multiplicative homomor- 
phism: Xq( x )Xq(y) = Xq(xy) for all x , y G Fq. This follows easily from results 
proven in Section 3.2. Additionally, we require the following fundamental 
properties of the quadratic character. 
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Lemma 4.9. Suppose q is an odd prime power. Then the following hold: 

2 • E *<?(*) = 0, and 

xeF, 

2 - E Xq(x)x q (x + y) = -l for all y e Z 9 \{0}. 

xeF, 

Proof. Part 1 follows because |QR(^)| = |QNR(^)| = (q — l)/2. 

To prove Part 2, we first observe that 

Xq(x)Xq(x + y) = T<? (*)*</ + y^ _1 ) = T<?(1 + y* _1 ) 

provided that x f 0. Now, using the fact that y f 0, it is easily seen that, as 
x takes on all nonzero values in F^, the quantity 1 + yx~ 1 takes on all values 
in F,j except for the value 1. Hence, we have that 

E Xq(x)Xq(x+y) = E *<?(!+ y* _1 ) 

xeF i; 

= E XqW 

xe¥q,x^=l 

= E Xq(x)-Xq0) 

xe¥ q 

= 0-1 
= - 1 . 



□ 

The Hadamard matrix construction also makes use of an auxiliary struc- 
ture that we define now. 

Definition 4.10. A conference matrix of order n is an n x n matrix C = (,Cjj) in 
which every entry is 0, 1, or —1 such that c lA = 0 for all i and CC T = (n — 1 )I n . A 
conference matrix C = (c^) is a symmetric conference matrix if c h j = Cjjfor all 
bl- 



it is easy to see that the only "0" entries in a conference matrix are the 
entries on the main diagonal. Also, using a counting argument similar to 
that used in the proof of Theorem 4.4, it can be shown that n = 2 (mod 4) is 
a necessary condition for a symmetric conference matrix of order n to exist. 
A further necessary condition can be obtained (via a Bruck-Ryser-Chowla 
approach), which is stated in the following theorem. 

Theorem 4.11. If a symmetric conference matrix of order n exists, then n = 2 
(mod 4) and n — 1 is the sum oftzvo integral squares. 




78 



4 Hadamard Matrices and Designs 



We now give a construction for an infinite class of symmetric conference 
matrices. Suppose q = 1 (mod 4) is a prime power. Define a matrix W = 
(iVjj), in which the rows and columns are indexed by F I? U {oo}, as follows: 

! 0 if i = j = oo 

1 if i = oo, j ^ oo 

1 if i zfi oo, j = oo 

Xq(i-j) if h/ e F ? . 

Theorem 4.12. Suppose q = 1 (mod 4) is a prime power. Then the matrix W de- 
fined above is a symmetric conference matrix of order q + 1. 

Proof. Clearly, the diagonal entries of W are all 0, and every off-diagonal en- 
try is ±1. This implies that the (i, i) entry of WW T is q for all i € F,j U {oo}. 
Furthermore, Xq(~ 1) = 1 because q = 1 (mod 4), and therefore it follows 
that W is symmetric. 

It remains to show that, if i / /, then the (i,j) entry of WW 1 is 0. First, 
suppose that i, j € IF, ? , i / j. Then, using Lemma 4.9, Part 2, the ( i,j ) entry of 
WW T is 



i+ E - h)xq(i — h) = i+ E A:?(*)A:?(*+y) 

heWq are IF q 

= l + (-l) 

= 0. 



(Note the change of variables x = i — h,y = j — i used in the computation 
above.) Next, suppose that i e The (i, oo) entry (or the (oo, i) entry) of 
WW T is 

E *<?(*) = ° 

orelF,y 

from Lemma 4.9, Part 1. This completes the proof. □ 

Example 4.13. Suppose we take q = 5. We have QR(5) = {1,4}, so XqO-) = 
Xq( 4) = 1, ^<j(2) = Ti?( 3) = — 1/ and Xq (0) = 0. Then we construct a symmet- 
ric conference matrix W as follows: 



W = 



/ 0 1 1 1 1 1 \ 

1 0 1 - 1-1 1 

1 1 0 1 - 1-1 

1-1 1 0 1-1 

1 - 1-1 1 0 1 

\1 1 - 1-1 1 0 / 



I 
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A symmetric conference matrix of order 2 is trivial: 




Theorem 4.12 yields symmetric conference matrices of orders 6, 10, 14, 18, 
26, 30, 38, 42, etc. Orders 22 and 34 are not possible, by Theorem 4.11. Thus 
we already are able to determine the existence or nonexistence of symmetric 
conference matrices of all possible orders less than 46. 

We now present a construction of Hadamard matrices from symmetric 
conference matrices. 

Theorem 4.14. Suppose C is a symmetric conference matrix of order m. Then the 
matrix 

_ ( C + I m C — I m \ 

“ \ C-I m -C-l m ) 

is a Hadamard matrix of order 2m. 

Proof. Since C is symmetric, we see that H T = H. Also, every entry of H is 
±1. Then we can compute HH T as follows: 

ttttT _ f C + I m C — I m \ / C + I m C — I m \ 

~~ \C-I m -C-I m ) \C-I m -C-I m ) 

_ (A x A 2 \ 

Us MJ' 

where 

Ai = ( C + I m ) 2 + (C-I m ) 2 , 

A 2 = (C + J m )(C - Im) + (C - I m )(-C - I m ), 

Aj, = (C — Im)(C + I m ) + ( — C — Im)(C — I m ), and 
A A = (C- Im ) 2 + (-C - Im) 2 . 

It is not hard to verify that A? and A3 are both m x ill matrices of "0"s. 
Furthermore, we have 



A\ = 2C 2 + 2(I m ) 2 

= 2(m 1 )Im T 2(I m ) 

= (2 m)I m . 



Similarly, A4 = (2 m)I nl - Thus, we have 



HH t 





as desired. 



□ 
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Example 4.15. From the conference matrix of order 6 constructed in Example 

4.13, we obtain the following Hadamard matrix of order 12: 

/ 1 1 1 1 1 1 -1 1 1 1 1 l\ 

1 1 1-1-1 1 1-1 1-1-1 1 
1 1 1 1 - 1-1 1 1-1 1 - 1-1 
1-1 1 1 1-1 1-1 1-1 1-1 
1 - 1-1 1 1 1 1 - 1-1 1-1 1 

1 1 - 1-1 1 1 1 1 - 1-1 1-1 

-1 1 1 1 1 1 -1 -1 -1 -1 -1 -1 ' 

1-1 1-1-1 1 -1 -1-1 1 1 -1 
1 1-1 1-1-1 -1 -1 -1-1 1 1 
1-1 1-1 1-1-1 1 -1 -1 -1 1 
1 - 1-1 1-1 1-1 1 1-1 -1 -1 
\ 1 1-1-1 1 -1 -1 -1 1 1-1-1/ 

I 

The following result is an immediate consequence of Theorems 4.12 and 

4.14. 

Corollary 4.16. There exists a Hadamard matrix of order 4 m if 2m — 1 is a prime 
power and m is odd. 

4.4 A Product Construction 

The construction we study in this section is a recursive construction called 
the Kronecker Product. Suppose Hj = (h^j) is a Hadamard matrix of order n\ 
and H 2 is a Hadamard matrix of order n 2 . We define the Kronecker Product 
Hi (g) H 9 to be the matrix of order ii] 112 obtained by replacing every entry h h j 
of Hi by the x «2 matrix (where xHo denotes the matrix obtained 

from H 9 by multiplying every entry by x). 

Example 4.17. Let Hi be the Hadamard matrix of order 2 presented in Exam- 
ple 4.2, and let H 2 be the Hadamard matrix of order 4 presented in Example 
4.3. Then Hi ® H 2 is the following matrix of order 8: 

/I 1 1 1 1 1 1 1\ 

1-1 1-1 1-1 1-1 
1 1-1-1 1 1-1-1 
1-1-1 1 1-1-1 1 
1 1 1 1 -1 -1 -1 -1 ' 

1-1 1-1-1 1-1 1 
1 1 -1 -1 -1 -1 1 1 
\ 1 — 1 — 1 1-1 1 1-1/ 



I 
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Theorem 4.18 (Kronecker Product). If H\ is a Hadamard matrix of order n ] and 
H 2 is a Hadamard matrix of order n 2 , then Hj ® H 2 is a Hadamard matrix of order 
nin 2 . 

Proof. Suppose the rows of Hi ® H 2 are indexed by {1, . . . , n{\ x {1, . . . , n 2 }, 
so that row ( i,j ) of Hj ® H? is in fact row j within the « 2 x («i« 2 ) submatrix 

{hi,\H 2 ... h i/ni H 2 ). 

We need to compute the inner product of two rows of H\ 0 H 2 , say rows (i, j) 
and (k, £'). We have the following: 



”1 

row ( i,j ) • row (k, €) = ^ h ia ( row / of H 2 ) • row t of H 2 ) 

fl = l 



= ((row i of Hi) • (row A: of H^)) 

x ((row / of H 2 ) • (row f of H 2 )) 

= f «i«2 if (i,j) = (M) 

I 0 otherwise. 



Hence, Hi ®H 2 is a Hadamard matrix. □ 

Ths following corollary of Theorem 4.18 is obtained by letting n\ = 2, 
n 2 = n. 

Corollary 4.19. If there exists a Hadamard matrix of order n, then there exists a 
Hadamard matrix of order 2 n. 



4.5 Williamson's Method 

The constructions described to this point allow us to construct Hadamard 
matrices of all possible orders n < 88 . A Hadamard matrix of order 92 was 
first constructed using a method suggested by Williamson, which we de- 
scribe in this section. 

The basis for the construction is the following matrix identity, which is es- 
sentially the same as the one stated as Lemma 2.18: If a, b, c, and d are integers 
(or, indeed, elements of any commutative ring), and 

/—a b c d\ 

_ b a d —c 

c — d a b ' 

\ d c —b a J 

then HH r = ( a 2 + b 2 + c 2 + d 2 )1 4 . The Hadamard matrix construction is 
obtained by replacing a, b, c, and d by matrices that satisfy certain properties. 
The proof of the following result is straightforward. 
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Theorem 4.20. Suppose that A, B, C, and D are n x n matrices that satisfy the 
following properties: 

1. A,B, C, and D are symmetric matrices having entries ±1; 

2. the matrices A, B, C, and D commute. 

Define the matrix 

f-A B C D\ 

B A D -C 

H ~ C — D A B ' 

\ D C ~B A 

and denote A 2 + B 2 + C 2 + D 2 = M. Then 



HH t = 



(M 0 0 0\ 
OM 0 0 
0 OM 0 ' 

\ 0 0 OM/ 



where the "0" entries denote n x n blocks of" 0 "s. 



Corollary 4.21. Suppose there exist n x n matrices, A, B, C, and D, that satisfy the 
following properties: 

2. A, B, C, and D are symmetric matrices having entries ±1; 

2. the matrices A, B, C, and D commute; 

3. A 2 + B 2 + C 2 + D 2 = Anl„. 

Then there is a Hadamard matrix of order An. 



Example 4.22. Let 



and let 



A = 



B=C=D= 




The conditions of Corollary 4.21 are easily verified. In particular. A 2 = 3/3 
and B 2 = C 2 = D 2 = 4 J 3 - J 3 , so A 2 + B 2 + C 2 + D 2 = 12 1 3 . Hence there 
exists a Hadamard matrix of order 12. i 



An n x n matrix, say A = is said to be a circulant matrix provided 
that a l+ j m0(3 n j + i mo( j n = aj t j for all i, j. In other words, the entries on any 
(circulant) diagonal are constant. In practice, it is convenient to take A, B, C, 
and D to be circulant matrices, as was done in Example 4.22. 

Fix a positive integer n, and let U = (u h j) be the matrix where 
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f 1 if j — i = 1 (mod n) 

Ul, i \ 0 otherwise. 

Now, it is easy to see that any matrix of the form Y%Zo a i^‘ is a circulant 
matrix. In fact, any circulant matrix can be expressed in this way in a unique 
fashion; this is clear because 

2 Rfi — 1 \ 

tin— 3 ttn—2 
tin — 1 «0 / 

The sequence (^q, fli, . . . , 0 n _ 2 , a n- 1 ) is j us t the first row of the matrix A. 

Now suppose we stipulate that A, B, C, and D are circulant matrices as 
follows: 

n— 1 

A = E aiU\ 

i= 0 
n — 1 

B = E 
/— o 

n— 1 

c= x: an d 

/— 0 
n— 1 

D = £ djU '. 

!=0 

Let us consider the conditions of Theorem 4.20. Since the four matrices A, 
B, C, and D are all expressed as polynomials in the matrix If, it is clear that 
they commute. If a,, bi, Cj, di = ±1 for all i, then A, B, C, and D will all have 
entries ±1. The condition that the matrix A is symmetric is that iij = a n _, for 
0 < i < n — 1. Similar conditions will ensure that B, C, and D are symmetric. 
There still remains the condition that A 2 + B 2 + C 2 + D 2 = 4 nl n , which is, in 
general, quite difficult to satisfy. In fact, most applications of Corollary 4.21 
have required computer searches to find suitable input matrices. 

Example 4.23. A Hadamard matrix of order 92 was discovered in 1962 by 
Baumert, Golomb, and Hall using the method described above. The first 
rows of the matrices A, B, C, and D are as follows, where we encode "1" as 
"+" and "-1" as 

A:+H 1 1 b H 1 1 b 

B: H bH bH b + + + + H bH b + - 

C: + + H bH 1 bH 1 bH b + 

D:+ + H b + H i 1 b + H b + 



n — 1 

E 11 > U ' = 

i = 0 



/ «0 «1 • • • 
tin — 1 ^0 

V «1 a 2 ‘ ‘ ■ 



I 
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4.6 Existence Results for Hadamard Matrices of Small Orders 

The constructions we have presented thus far allow us to obtain Hadamard 
matrices of all possible orders n < 100. We summarize the details in Table 
4.1. 



order 


equation 


authority 


2 




Example 4.2 


4 


2x2 


Theorem 4.19 


8 


2x4 


Theorem 4.19 


12 


11 + 1 


Corollary 4.7 


16 


2x8 


Theorem 4.19 


20 


19 + 1 


Corollary 4.7 


24 


2x 12 


Theorem 4.19 


28 


27 + 1 


Corollary 4.7 


32 


2x 16 


Theorem 4.19 


36 


2 x 17 + 2 


Corollary 4.16 


40 


2 x 20 


Theorem 4.19 


44 


43 + 1 


Corollary 4.7 


48 


2x24 


Theorem 4.19 


52 


2 x 25 + 2 


Corollary 4.16 


56 


2x28 


Theorem 4.19 


60 


59 + 1 


Corollary 4.7 


64 


2x32 


Theorem 4.19 


68 


67 + 1 


Corollary 4.7 


72 


2x36 


Theorem 4.19 


76 


2 x 37 + 2 


Corollary 4.16 


80 


2x40 


Theorem 4.19 


84 


83 + 1 


Corollary 4.7 


88 


2x44 


Theorem 4.19 


92 




Example 4.23 


96 


2x48 


Theorem 4.19 


100 


2 x 49 + 2 


Corollary 4.16 



Table 4.1. Constructions of Hadamard Matrices of all Orders n < 100 



4.7 Regular Hadamard Matrices 

A regular Hadamard matrix is one in which every row and every column con- 
tains the same number of "l"s. Regular Hadamard matrices are interesting 
for several reasons. First, they turn out to be equivalent to certain symmetric 
BIBDs. In addition, they have the maximum number of "1" entries (among 
all possible Hadamard matrices of a given order). We pursue these topics in 
the rest of this section. 
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We begin with a small example. 

Example 4.24. The following matrix is a regular Hadamard matrix of order 4: 

/- 1 1 1 1 \ 

1-111 
11—11 
\ 1 1 1—1/ 



A Hadamard matrix in which every row has the same number of "l"s 
is called a roiv-regnlar Hadamard matrix ; one in which every column has the 
same number of "l"s is called a column-regular Hadamard matrix. We be- 
gin by investigating necessary conditions for the existence of row-regular 
Hadamard matrices. Suppose that H = (hi j) is a Hadamard matrix of order 
n > 1 in which every row contains exactly l entries equal to 1. For 1 < i < n, 
let I', denote the ith row of H. Define 

a = 10 ' : h,j = h 2/ j = 1 }|, 
b=\ {/ : h,j = l,h 2/ j = - 1 }|, 
c = |0' : hy = 1/ h 2 j = 1} |, and 

d=\{j:hi,j = hy = -l}\. 

Then we have the following equations: 

a +b + c + d = n 

a + b = i since jq contains £ "l"s 

a + c = £ since r 2 contains t "l"s 

a — b— c + d = 0 since r\ ■ r 2 = 0. 

This system has the following unique solution: 




Now suppose we change every "—1" entry of H to "0". The resulting 0 — 1 
matrix M satisfies the equation MM T = A/„ + (£ — A)!,,, where A — a = 
£ — n/4. Therefore, by Theorem 1.15, M is the incidence matrix of a pairwise 
balanced design having n points and n blocks in which every point occurs 
in i blocks and every pair of points occurs in A blocks. Theorem 2.3 tells us 
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that this PBD is in fact a BIBD, and therefore M is the incidence matrix of a 
symmetric (n, £, £ — ^)-BIBD. This in turn implies that 

*(*-!)= (l~ l) 

For any fixed value of n, the equation above is a quadratic equation in £. 
Therefore we can solve for £ as a function of n using the quadratic formula. 
We obtain the following: 




This implies that n must be a perfect square. It is also the case that n = 0 
(mod 4). (All Hadamard matrices have orders n = 0 (mod 4) except for ma- 
trices of orders n = 1 and 2. We are assuming that n > 1. Furthermore, n / 2 
because 2 is not a perfect square.) Therefore we can write n = (2u) 2 , where u 
is a positive integer, and it follows that our symmetric BIBD has parameters 
(Air, hi 2 ± u,u 2 ± u). 

Conversely, if we begin with the incidence matrix of a (Air, 2 u 2 ± u, u 2 ± 
f/j-BIBD and replace every "0" by "—1", then it is not difficult to show that 
the result is a regular Hadamard matrix of order An 2 . 

Summarizing the discussion above, we have the following theorem. 

Theorem 4.25. A row-regular Hadamard matrix, say H, of order n > A exists only 
if n = An 2 for some integer u > 2 and every row of H contains £ “\"s, where 
£ = 2 if ± u. Furthermore, such a Hadamard matrix is equivalent to a (symmetric) 
(Au 2 ,2u 2 ± u, u 2 ± n)-BIBD. 

We have also proven the following result. 

Theorem 4.26. The following are equivalent: 

• H is a row-regular Hadamard matrix of order n; 

• H is a column-regular Hadamard matrix of order n; 

• H is a regular Hadamard matrix of order n. 

Example 4.27. We constructed a (16, 6, 2)-difference set in (Z4 x Z4, +) in Ex- 
ample 3.4 and a (36, 16, 5)-difference set in (Zg x Zg, +) in Example 3.6. 
Therefore there exists a (16, 6, 2)-BIBD and a (36, 16, 5)-BIBD. Applying The- 
orem 4.25, there exist regular Hadamard matrices of orders 16 and 36. S 

It is not difficult to show that the Kronecker Product of two regular 
Hadamard matrices is a regular Hadamard matrix. Therefore we can also 
construct a regular Hadamard matrix of order 16 as the Kronecker Product 
of regular Hadamard matrices of order 4. More generally, we can easily ob- 
tain infinite classes of regular Hadamard matrices as follows. 

Theorem 4.28. Suppose that n = A"9 b , where a and b are nonnegative integers 
such that a >b. Then there is a regular Hadamard matrix of order n. 
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Proof. If a = b = 0, then n = 1, and there exists a regular Hadamard matrix 
of order 1, namely (1). Therefore, we can assume that a + b > 1. Write h = 
A n ~ b 36 b . Then a regular Hadamard matrix of order n can be constructed by 
taking the Kronecker Product of a — b regular Hadamard matrices of order 4 
and b regular Hadamard matrices of order 36. □ 



4.7.1 Excess of Hadamard Matrices 

Let H = (hj'j) be a Hadamard matrix of order n. Define the excess of H to be 

excess (H) = tthr 

i=ij=i 

Clearly excess (H) is the amount by which the number of "l"s in H exceeds 
the number of l"s. For an integer n such that a Hadamard matrix of order 
n exists, define 

a(n) = max{excess(H) : H is a Hadamard matrix of order n}. 

Lemma 4.29. a(n) < n 3 ^ 2 . 

Proof. Let H be a Hadamard matrix of order n. For 1 < k < n, define 

n 

Sk = E Kk- 
1=1 

The quantity S/ c is the sum of the entries in column k of H, so it is obvious 
that 

n 

excess (H) = ^ s^. 

k = 1 

Let jq, . . . , denote the rows of H. We compute the quantity 

n n 



EE 

*'=17'=1 



r; ■ r 



in two ways. It is clear that r, • r j = n if ; = j and r, ■ r ( = 0 if ; / j. It therefore 
follows that 



EE 



r t ■ rj = n . 



i= l/=i 

On the other hand, we have that 

n n n n n 

E E r ' ■ '7 = E E E hithj* 

i=lj=l k=l 

n ( n \ / n ^ 

= E ( EXm ( EV 



*=iy=i 



)t=i \i=i 
2 



V;=i 



= E s *t 

/t=i 
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Hence, 



L^ 2 = n\ 

k = 1 



Now, the classical Cauchy-Schwartz Inequality asserts that 

(t x m ) 2 <(t*A><(tyA 



(4.1) 



(4.2) 



Kk = 1 



a-=i 



a=i 



for arbitrary real numbers X \, . . . , x n ,i)\ , . . . ,i/„. Setting X/ c = 1 and t// c = 
for 1 < k < n, it follows immediately that 



E S M ^ ” E s k 2 - 

a -= i / /t=i 



Combining (4.1) and (4.3), we have that 



n 2 = E s *-' 2 — 

fc=l 



(ELtSk) : 



(4.3) 



(4.4) 



and hence 

n 

excess (H) = E s t — m3 ^ 2 - 
7=1 



□ 



We now show that Hadamard matrices having the maximum possible 
excess are equivalent to regular Hadamard matrices. 

Theorem 4.30. a(n) = « 3 ^ 2 if and only if there exists a regidar Hadamard matrix 
of order n. 

Proof. Suppose that H is a regular Hadamard matrix of order n . We proved 
earlier that H has exactly £ "l"s in every row and column, where 




If £ = (n — \/n) /2, then multiply every entry of H by —1. The result is a 
regular Hadamard matrix in which every row and column contains exactly 
( n + \f n ) / 2 "l"s. This Hadamard matrix has excess equal to 

( n+ yjn n - fn\ 3/2 

— )=n 3 ' 2 - 

Conversely, suppose that H is a Hadamard matrix of order n such that 
excess (H) = m 3/2 . Then, in the proof of Lemma 4.29, it must be the case that 
(4.4) is in fact an equality: 
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( n \ 2 n 

EM =n L s k 2 - 

\k=l ) k = 1 

It is well-known that equality occurs in the Cauchy-Schwartz Inequality (4.2) 
if and only if 

y\ = n = ... = y* 

X 1 X2 Xfi 

Hence, equality occurs in (4.4) if and only if Si = S 2 = • • • = s n , which im- 
plies that H is column-regular. However, Theorem 4.26 asserts that a column- 
regular Hadamard matrix is regular. This completes the proof. □ 
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Suppose n > 1 is an integer. A function / : (Z 2)' 1 — > Z 2 is called a Boolean 
function of n variables. Define B n to be the set of all Boolean functions of n 
variables. 

Suppose / G B n . We can list the values /(x), for all x G (Z 2 )", in a vector 
of length 2". Denote this vector by <p{f), where < p{f)x — /(x) for all x G 
(Z 2 )". For the sake of consistency, we will index the coordinates of <p(f ) in 
lexicographic order. 

Note that (p(f) G (Z 2 ) 2 " and therefore \B„\ = 2 2 " (i.e., there are 2 2 " 
Boolean functions of n variables). For any / G B n , define (— 1 )f to be the 
function (— l)f : (Z 2 )” — »■ { — 1,1} such that ((— l)/)(x) = (— l)-fM for all 
x G (Z 2 )”. In other words, ( — 1 )■■ is formed from f by replacing every out- 
put equal to "0" by "1" and every output equal to “V by "—1". (We already 
performed a similar operation when we constructed a Hadamard matrix of 
order 4 n from a symmetric (4 n — 1, 2 n — 1, n — 1)-BIBD.) 

Define the inner product of two vectors x, y G (Z 2 ) n as follows: 

n 

x • y = E X iVi mod 2 ' 

7 = 1 

where x = {x\, . . . ,x „ ) and y = (j h, . . .,y n )- Let F be any real-valued func- 
tion defined on ■ The Fourier transform of F is the function F : (Z 2 )” — > 
1R defined by the following formula: 

F(x)= £ (— l) xy F(y) 

ye(Z 2 ) H 



for all x G (Z 2 )". 

For any two vectors x, y G (Z 2 ) n , define 






x,y — 



1 if x = y 

0 if x yt y. 
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Lemma 4.31. For any y € (Z 2 )", it holds that 



E (-l) x ' y = 2% (0 o)- 

xe(Z 2 )» 

Proof. If y = (0, . . . , 0), then every term in the sum equals 1, and the result 
follows. If y f (0, . . . , 0), then there are the same number of terms equal to 1 
as there are terms equal to —1, so the sum is 0. □ 

Let S n = (s X/ y) be the 2" x 2” matrix in which the rows and columns are 
indexed by (Z 2 )" (in lexicographic order) and s x;y = (— l) x y for all x, y G 
(Z 2 )". S„ is called the Sylvester matrix of order 2". 

Lemma 4.32. S n is a Hadamard matrix. 



Proof. Let x,yg (Z 9 )". Then, applying Lemma 4.31, we have that 

E s*, zSy , z = E (-i) xz+yz 

ze(Z 2 )” ze(Z 2 ) n 

= e (-i)( x+ y)' z 

ze(Z 2 )” 

= 2 " ^x+y,(0,...,0) 

— 2 " d 

— z °x,y ■ 

□ 



For any function F : {0, 1}" — * 1R, define i p(F ) in the same way that <p(f) 
was defined from /, i.e., < p(F ) is the vector of values F(x). Then we have the 
following result, which follows immediately from the definition of F. 

Lemma 4.33. Suppose that F : {0, l} n — > IR. Then <p(F) = <p(F)S n . 

The following corollary will be useful. 

Corollary 4.34. Suppose that F : {0, 1}" — > IR. Then F = 2 n F. 

Proof. We have that <p(F) = (p(F)S„. Multiplying on the right by S n and using 
thefactthat (S„) 2 = 2" 1 2 " (which holds because S n is a Hadamard matrix and 

S„ = (S„) T ), we have that <p{P) = 2 n <p(F). Hence, f = 2 n F. □ 

Example 4.35. Suppose that n = 2, f(x i,xf) = X\Xi, and F = (— l)f, where 
X\, X2 G Z 2 . Then <p(f) = (0, 0,0, 1), where the coordinates of < p(f ) are in 
lexicographic order; i.e., <p(f) = (/( 0, 0),/(0, 1),/(1, 0),/(l, 1)). 

Theni^(F) = (1, 1, 1, — 1), and 



S 2 = 



/ 1 1 1 1 \ 
1-1 1-1 
1 1-1-1 
\ 1 — 1 1 1 j 
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/I 1 1 1\ 

0(F) = (1,1, 1,-1) =(2,2,2, -2). 



Theorem 4.36. Suppose that f e B„ and F = (— 1)/. Let y € (Z 2 )' 1 . T/ze« it holds 
that 



E F(x)F(x + y) 

xe(Z 2 )» 



2 2 " ify = (0 0) 

0 ify ^ (0 0). 



Proof. 

E F(x)F(x + y) 

xe(Z 2 )" 

= E E (-1) XU F(«) E (-i) (x+y)v F(v) 

xe(Z 2 )” ue(Z 2 )" ve(Z 2 ) n 

= E E E (-l) x ' u+(x+y) - v F(u)F(v) 

xe(Z 2 )» ue(Z 2 )” ve(Z 2 ) n 

= E E E (— l) x(u+v)+yv F(u)F(v) 

xe(Z 2 )« ue(Z 2 )" ve(Z 2 ) n 

= E E (— l) y v F(u)F(v) E (-1) X - (U+V) 

ue(Z 2 )« ve(Z 2 )" xe(Z 2 )« 

= E E (— l) y v F(u)F(v)2" from Lemma 4.31 

ue(Z 2 )« ve(Z 2 )” 

= 2” E (— l) yu (F(u)) 2 

ug(Z 2 )” 

= 2" E (— l) yu because F(u) = ±1 

U6(Z 2 )" 

= 2 2 ” <b'y / (o,...,o) from Lemma 4.31, 

as required. □ 

We state two corollaries. The first corollary is just the case y = (0, . . . ,0) 
in the previous theorem. 

Corollary 4.37 (Parseval's Equation). Suppose that f <E B„ and F = (— l)f. 
Then it holds that 

E (F( x )) 2 = 2 2 ”. 

xe(Z 2 )« 

The second corollary follows from the proof of Theorem 4.36 by noting 
that the first part of the proof (all but the last two lines of the displayed equa- 
tions, in fact) applies to any real-valued function. 
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Theorem 4.38. Suppose that F : (Z 2 ) n — > IR and let y G (Z 2 )”. Then it holds that 

E F(x)F(x + y)=2" E (— l) y ' u (F(u)) 2 . 

xe(Z 2 )" ue(Z 2 )* 

It turns out that the Fourier coefficients F(x) provide a measure of the 
nonlinearity of Boolean functions. Suppose that f,g £ B„. We define the 
distance between / and g to be the quantity 

d(f,g) = \{xe{Z 2 ) n :f{x)?g{x)}\. 

Equivalently, d (f,g) is the Hamming distance between the vectors <p(f) and 

4>(g)- 

A function / G B n is a linear function if / has the form 

/(x) = a x, 

where a G (Z 2 )”. Clearly there are 2" linear functions in B n . For brevity, we 
will denote the function a • x by L a . By L a + 1 we mean the function taking 
on the value L a (x) + 1 mod 2 for all x. A function / G £>„ is an affine function 
if / = L a or / = L a + 1 for some a G (Z 2 )”. Note that there are 2 ,!+1 affine 
functions in £>„. 

The following formula relates the distance between a function / and a 
linear or affine function to the Fourier transform of /. 

Theorem 4.39. Suppose that f G B n and F = (— l)f. Let a G (Z 2 )”. T/ze?j 

d(/, F a ) = 2 n_1 — ^F(a) 

and 

d(/,F a + 1) = 2 n_1 + ^F(a). 

Proof. 

F(a) = |{y G (Z 2 ) n : a-y = /(y)}| - |{y G (Z 2 )" : a-y ^/(y)}| 

= 2" — 2|{y G (Z 2 ) n : a^y / / (y)} I 
= 2"-2d(/,L a ). 

From this it follows immediately that 

d(/,F a ) = 2 n_1 — ^F(a). 

The second formula is obtained by observing that 

d(/,L a + l) =2*-d(/,L a ). 



□ 
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We illustrate the concepts described above by continuing Example 4.35. 

Example 4.40. Suppose that n = 2 and f(x \,xf) = * 1 * 2 , where xi ,^2 G Z 2 . 
We observed in Example 4.35 that <p(f) = (0,0,0, 1) and 1 p(F) = (2,2,2, —2). 
The affine functions of two Boolean variables (denoted by g in the following 
table) and their distances to / are as follows: 

a l //C fia)d(/,y) 

(0,0) L {00) (0,0, 0,0) 2 1 

(0,0) L (0 0) +l (1,1, 1,1) 2 3 

(0,1) L m (0,1, 0,1) 2 1 

(0,1) L (01) + l (1,0, 1,0) 2 3 

(1,0) L (1/0) (0,0, 1,1) 2 1 

(1.0) L (10) +l (1,1, 0,0) 2 3 

(1.1) L (11) (0,1, 1,0) -2 3 

(1,1) L (u) +1 (1,0, 0,1) -2 1 

It can be verified that d (/, g) = 1 or 3 for all affine functions g and, moreover, 
d (/, g) is given by the formula proven in Theorem 4.39. S 

The nonlinearity of/, denoted Nf, is defined as follows: 

Nf = min{d(/, L a ),d(/, L a + 1) : a e (Z 2 )”}. 

In view of Theorem 4.39, we have that 

Nf — 2 n ~ 1 — i max{|F(a)| : a £ (Z 2 )"}. (4.5) 

A function / € ,8,, is a bent function if |F(x)| = 2”/ 2 for all x £ (Z^)”, 
where F = (~ 1 )■. Note that the function / in Example 4.35 is bent. A bent 
function can exist in B n only when n is even because F(x) is an integer for all 
x £ (Z 2)’ 1 when f £ B n , and 2"/ 2 is not an integer if n is odd. 

We prove in the next theorem that bent functions have maximum possible 
nonlinearity (this is the reason for the terminology "bent"). 

Theorem 4.41. For any f £ B n , it holds that Nf < 2” -1 — 2' !/,2_1 . Furthermore, 
equality holds if and only if f is a bent function. 

Proof. Denote 

M = max{|F(a)| : a £ (Z 2 )"}; 

then Nf = 2" -1 — M/2. Applying Parseval's Equation (Corollary 4.37), we 
have that 

2"M 2 > Y, (F(x)) 2 =2 2n , 

xe(Z 2 )" 

so M > 2"/ 2 . Furthermore, M = 2"^ 2 if and only if |F(x)| = 2 ,! ^ 2 for all 
x £ (Z 2 )”. In other words, Nf < 2" -1 — 2"^ 2 ^ 1 , and equality occurs if and 
only if / is bent. □ 
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Here is an interesting way to characterize bent functions in terms of 
Hadamard matrices. 

Theorem 4.42. Suppose that f e B n and F = (— T)f . Define the matrix Hf = 
fix,y)r where h X/ y = F(x + y )for all x, y € (Z 2 )". Then f is a bent function if and 
only if Hf is a Hadamard matrix. 

Proof. Suppose that / is a bent function. Define the function 



ThenG = (—1)2 for some Boolean function g e B n . Applying Corollary 4.34, 
it follows that G = 2 n/ ' 2 f, Now, to verify that Hf is a Hadamard matrix, we 
must show that the equation 

E hx,zhy,z = 2 n 5 x ,y (4.6) 

ze(Z 2 )" 



holds for all x, y € (Zt)". This is done as follows: 

E Kzhy,z= E F ( x + z ) F (y + z) 

ze(Z 2 ) n ze(z 2 ) n 

= E F (w)F(x + y + w) 

W6(Z 2 )" 

= 4 E G(w)G(x + y + w) 

we(Z 2 )" 

= fx 2 2 "^ +y ,(0,...,0) 

— 2 n d 

— z °x,y> 

where we apply Theorem 4.36 to the Boolean function g. 

Conversely, suppose that (4.6) holds for all x,y e (Z 9 )”. Define the real- 
valued function 




Setting y = (0, . . . , 0) in (4.6), we obtain the following: 

2 " E(0,...,0) = E F x,zfr(0,...,0),z 

zg(Z 2 )" 

= E F (x + z) F (z) 

ze(Z 2 ) n 

= i E G(z)G(x + z) 

ze(Z 2 )" 

= E (-l) x - z (G(z)) 2 

ze(Z 2 )>' 

= 4 E (-D x - Z (%)) 2 - 

ze(Z 2 )« 
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Therefore we have that 



2 2 "(1,0 0) = <p((F(z)) 2 )S n . 

Multiplying on the right by S n , we obtain 

2 2 ”(1,0 0)S n =2>((F(z)) 2 ), 



which simplifies to give 

2” (1/1 1) = <K(F(z)) 2 ). 

Therefore |F(x) | = 2 n ^ 2 for all x G (Z 2 )”, and / is bent. □ 

Example 4.43. Again, suppose that n = 2 and f(x\, X 2 ) = X 1 X 2 , where x\, x^ G 
Z 2 . We have that <p(f) = (0,0,0, 1) and <^>(F) = (1, 1, 1, —1). The matrix Hf is 



H f = 



/ 1 1 1 — 1 \ 
1 1-1 1 
1-111 
\-l 111 J 



which is easily seen to be a Hadamard matrix of order 4. 



I 



Our next theorem ties together all the results we have presented so far in 
this section. This theorem proves an equivalence between bent functions and 
certain difference sets. 



Theorem 4.44 (Dillon). There exists a bent function f : (Z 2 )" — > Z 2 if and only 
if there exists a (2", 2"^ 1 ± 2^ n ~ 2 ^ 2 , 2 n ~ 2 ± 2^ ~ 2 ^ 2 ) -difference set in (Z 2 )". 

Proof. Suppose that / G B n is a bent function. Then, the matrix Hf = (. h x ,y ) 
constructed in Theorem 4.42 is a Hadamard matrix. It is also easy to see that 
Hf is regular; this is because every row and column of Hf is a permutation 
of the list of values F(x), x G (Z 2 ) n . 

We next show that (Z 2 )” is a sharply transitive automorphism group of 
this Hadamard matrix. For any u G (Z 2 )' 1 , define f u : (Z 2 )” — > (Z 2 )” as 
follows: f u ( x ) = x + u for all x G (Z 2 )' 1 . It is clear that t u is a permutation 
(i.e., a bijection) of (Z 2 )' 1 , and {f u : u G (Z 2 )"} is a sharply transitive set of 
permutations. Furthermore, every f u is an automorphism of Hf because 

h t a (x)My) = h n+x,n+y = F(u + x + u + y) = F(x + y) = h x , y 
for all x, y G {Zt)' 1 . 

This implies that the symmetric (2",2" -1 ± 2^ n ~ 2 ^ 2 , 2 n ~ 2 ± 2^ n ~ 2 ^ 2 )- 
BIBD, whose incidence matrix is constructed from Hf by replacing every 
entry —1 by 0, has (Zt )" as a sharply transitive automorphism group (ap- 
ply Theorem 4.25 with u = 2"~ 2 ). Therefore, by Theorem 3.17, the desired 
difference set in (Z 2 )” exists. 
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Conversely, suppose that the stated difference set exists. From this differ- 
ence set, we can construct a symmetric (2", 2" -1 ± 2^ n ~ 2 ^ 2 , 2” -2 ± 2(” -2 )/ 2 )- 
BIBD having (Z 2 ) n as a sharply transitive automorphism group. Then, re- 
placing every entry 0 in the incidence matrix of this BIBD by —1, we obtain 
a regular Hadamard matrix of order 2" having (Z 2 )” as a sharply transitive 
automorphism group. The fact that the Hadamard matrix has this automor- 
phism group means that 

h\i+x,u+y = ^x,y 

for all u, x, y G fZo) 1 '. Suppose we define a function / G B n as follows: 

/(*) = (? = 1 , 

[1 lf «x,(o,...,o) = -!• 

Then, we have that 

Ky = K + y,(0,...,0) = (-l)^ (X+y) 

for all x, y G (Z 2 )”. Therefore Theorem 4.42 establishes that / is a bent func- 
tion. □ 

The proof of Theorem 4.44 involved several steps to show that a bent 
function can be transformed into the relevant difference set and vice versa. 
However, if we examine the sequence of operations performed, we can easily 
describe a direct transformation between these objects. We state the follow- 
ing result, which is primarily a consequence of the proof of Theorem 4.44. 

Corollary 4.45. Suppose that f G B„ is a bent function. Let i = 0 or 1 and define 

D, = {xG (Z 2 )» :/(x)=i}. 

Then D, is a (2 n ,2 n ~ 1 ± 2 < ~ n - 2 '> /2 ,2 n ~ 2 ± 2( n ~V /2 ) -difference set in (Z 2 )". Con- 
versely, suppose that D C (Z 2 ) n is a (2”,2" -1 ± 2^ n ~ 2 ^ 2 , 2 n ~ 2 ± 2^ n ~ 2 ^ 2 )- 
difference set. Define f G B n by /(x) = 0 if and only if x G D. Tfren / is a 
bent function. 

So far, we have seen one example of a bent function, namely the function 
X] i '2 G £>2 that was introduced in Example 4.35. We will prove for all even 
integers n >2 that there exists a bent function in B n . First, we will state and 
prove an easy result concerning the Fourier coefficients of the sum of two 
Boolean functions on disjoint sets of input variables. Suppose that f\ G B ni 
and / 2 G B ni . Define the function / = f\ ®/ 2 G B Ul+n2 as follows: 

f (Hz • • • / %n-\ ) = fl (Tl/ • • • / %n\ ) T fli^ni+lr • • • / X-ni+nf) mod 2. 



We have the following. 
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Lemma 4.46. Suppose that f\ G B ni , f 2 G B„ 2 , and / = /i ® f 2 . Let F = (— l)f, 
F t = and F 2 = (-l) /z . T/;en 

F(x) = F 1 (Xi)F2(x2), 

tf/iere x = (*i, . . .,x„ 1+ « 2 ), x x = and x 2 = (x„ 1+ i, . . . ,x„ 1+ „ 2 ). 

Proof. 

F(x) = £ (— l) x ’ y F(y) 

ye(Z 2 ) H i+ H 2 

= E E (-l) Xryi+X2 ' y2 Fi(yi)F 2 (y 2 ) 

yi e(Z 2 ) n i y2e(Z 2 )" 2 

E (-l) Xiyi Fi(yi) I x ( E (-l) X2y2 F 2 (y 2 ) 

yie(z 2 )"i / \y 2 e(z 2 ) n 2 

= Fi(xi)F 2 (x 2 ). 




□ 

We now apply the lemma above to bent functions. The following corol- 
lary is immediate. 

Corollary 4.47. Suppose that f\ and / 2 are both bent functions. Then / = /i 8 / 2 
is a bent function. 

We now state an existence result for bent functions, which follows from 
the previous results by induction. 

Theorem 4.48. Suppose that n = 2 m. Then the function 

x\x 2 + X3X4 + • • • + x 2m -\x 2m mod 2 



is a bent function. 

Proof. The proof is by induction on m. For m = 1 , the function X\X 2 was 
shown to be bent by the computations performed in Example 4 . 35 . 

As an induction hypothesis, assume that the function 

X\X 2 + X3J4 + • • • + x 2m -3* 2m - 2 mod 2 

is bent. Using the fact that x 2m -\x 2m is bent, we can apply Corollary 4.47 to 
establish that the function 



x\x 2 + X3X4 + • • • + x 2m -i x 2m mod 2 



is a bent function. 

Therefore, by induction, the proof is complete. 



□ 
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We close this section by examining the bent function X\X 2 + X3J4 mod 2 
and the difference set equivalent to it. 

Example 4.49. Suppose that n = 4 and f{x\,x 2 , *3, *4) = X\X 2 + X3X4 mod 2. 
Then 

<p(f) = (0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1,0), 

where the coordinates of (p( f ) are in lexicographic order. 

We construct a difference set from the function f by recording the values 
x where f(x) = 1. We obtain the set 

D = {(0,0, 1,1), (0,1, 1,1), (1,0, 1,1), (1, 1,0,0), (1,1,0, 1), (1,1, 1,0)}. 

D is a (16, 6, 2) -difference set in the group ((Z2) 4 , +). I 



4.9 Notes and References 

Seberry and Yamada [92] is a thorough survey on Hadamard matrices and re- 
lated concepts. Craigen and Wallis [36] is more tightly focussed on Hadamard 
matrices and contains some interesting historical information; both surveys 
are useful references. Up-to-date general asymptotic existence results for 
Hadamard matrices are found in Craigen [34]. 

Theorem 4.5 is due to Todd [109], and Corollary 4.16 is due to Paley [83]. 

Conference matrices were introduced in 1950 by Belevitch. Conference 
matrices and related objects such as weighing matrices have been studied 
extensively since then. Recent results on these topics can be found in Kouk- 
ouvinos and Seberry [68]. 

Williamson's method is presented in [116]. The discovery, in 1962, of a 
Hadamard matrix of order 92 using this techinque is reported in [6]. 

Theorem 4.25 is well-known, but its origin seems not to be known. For 
some relatively recent results on regular Hadamard matrices, see Craigen 
and Kharaghani [35]. The concept of excess of a Hadamard matrix is due to 
Best [8]; Theorem 4.30 is also proven in [8]. 

Bent functions were introduced by Rothaus in [88]. They have been an 
active area of research in recent years, in part due to their applications in 
coding theory and cryptography. Theorem 4.44 was first proven by Dillon in 
his Ph.D. thesis [40]. 



4.10 Exercises 

4.1 Construct Hadamard matrices of orders 12, 16, and 20. 

4.2 Construct symmetric conference matrices of orders 10, 14, and 18. 

4.3 (a) Prove that a W(n, n — 1) (as defined in Exercise 2.10) exists if and 

only if a conference matrix of order n exists. 
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(b) Deduce from Exercise 2.10 that a conference matrix of order n = 
2 (mod 4) exists only if n — 1 is the sum of two squares. 

4.4 (a) A conference matrix is standardized if every entry in the first row 

or column is equal to "1". Let C = (c^) be a symmetric con- 
ference matrix of order n. For 2 < i < n, suppose we multiply 
every entry in row i of C by c h \ . Then, for 2 < j < n, suppose 
we multiply every entry in column j of C by Cg ; . Prove that the 
resulting matrix is a standardized symmetric conference matrix 
of order n. 

(b) Let C = (Cjj) be a standardized symmetric conference matrix of 
order n. Define 

a = \{j : 4 < ; < n,c 2 ,j = c 3/j = 1}|, 

b = | {/ : 4 < ;' < n,c 2/ j = 1 ,c 3>j = -1}|, 

c = | {; : 4 < ;' < n,c 2i j = -1 ,c 3/ j = 1}|, and 

d = \{j ■■ 4 < ; < n,c 2/j = c 3/j = — 1} |. 

Determine the values of a, b, c, and d (note that there are two 
cases to consider, depending on whether c 2 3 = c 3/2 = 1 or c 2 3 = 
C3,2 = -!)• 

(c) Prove that a symmetric conference matrix of order n exists only 
if 77 = 2 (mod 4). 

4.5 Suppose that C = (c^j is a standardized conference matrix of order 
n = 2 (mod 4). Prove that C is symmetric by using a counting argu- 
ment similar to that used in Exercise 4.4. 

4.6 Extend Table 4.1 considering orders n < 200. To be specific, show that 
Hadamard matrices of all possible orders in the range 100 < n < 200 
can be constructed using the methods described in this chapter, except 
for n = 116, 156, 172, and 188. 

4.7 Note: This exercise requires some knowledge of linear algebra pertain- 
ing to eigenvalues and eigenvectors. 

Suppose we want to apply Williamson's construction. Thus we are 
looking for n x n matrices. A, B, C, and D, that satisfy the following 
properties: 

• A, B, C, and D are symmetric matrices having entries ±1, 

• A 2 + B 2 + C 2 + D 2 = 4 nl n , and 

• A, B, C, and D are circulant matrices. 

Let S/t, Sg, Sc, and Sp denote the sum of the entries of any row of A, B, 
C, and D, respectively, and let u = (1, • • • ,1). 

(a) Prove that u is an eigenvector of A, B, C, and D, and prove that 
the corresponding eigenvalues are s^, sg, sq, and sd, respec- 
tively. 

(b) Prove that u is an eigenvector of A 2 , B 2 , C 2 , and D 2 , and prove 
that the corresponding eigenvalues are (s^) 2 , (sg) 2 , (sc), and 
(sp) 2 , respectively. 

(c) Prove that (s^) 2 + (sg) 2 + (sc) 2 + (sd) 2 = 4 n. 
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(d) Suppose that n is odd. When applying Williamson's construc- 
tion, prove that we can assume without loss of generality that 
Sa, Sg, Sc, and Sd are all odd, nonnegative integers. 

Hint: Replace A by — A if necessary, etc. 

(e) For n = 5, find the unique solution (up to permutation) in 
odd nonnegative integers to the equation (s^) 2 + (sg) 2 + (sc) 2 + 

(so) 2 = 4 n. 

(f) For n = 5, find circulant matrices A, B, C, and D that satisfy the 
conditions for Williamson's construction. Verify that all the con- 
ditions are satisfied. 

Hint: Make use of the fact that s a, s b, s c, and s d are determined, 
as well as the fact that the matrices A, B, C, and D must be sym- 
metric, in order to reduce the number of cases that need to be 
considered. 

4.8 (a) Prove that the Kronecker Product of two regular Hadamard ma- 

trices is a regular Hadamard matrix. 

(b) Construct a regular Hadamard matrix of order 16 using the Kro- 
necker Product. 

(c) Use this regular Hadamard matrix to construct a (16, 6, 2)-BIBD. 

4.9 (a) Let H) and Hi be Hadamard matrices, and define H - H\ 0 Hi. 

Prove that excess (H) = excess(Hi) x excess(H2). 

(b) Prove that <r(8) > 16. 

4.10 Define the function / e to be 

f(x\,x 2,*3, X4) = X\X 2 + X 2 X 3 + X 3 X 4 mod 2. 

(a) Compute (p(f ), (p(F ), and cp(F). 

(b) Compute Nf using equation (4.5) and observe that / is a bent 
function. 

(c) Construct a (16, 6, 2)-difference set in the group ((Z2) 4 , +) from 
the function / by using the technique described in Corollary 
4.45. 
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5.1 Introduction 

Definition 5.1. Suppose (X, A) is a {v,k, A)-BIBD. A parallel class in ( X,A ) is 
a subset of disjoint blocks from A ivhose union is X. A partition of A into r parallel 
classes is called a resolution, and (X,A) is said to be a resolvable BIBD if A has 
at least one resolution. 

Observe that a parallel class contains v/k blocks, and therefore a BIBD 
can have a parallel class only if v = 0 mod k. 

We begin by constructing resolvable ( v,2 , l)-BIBDs for all even v. (Note 
that a (v, 2, 1) -BIBD consists of all 2-subsets of a Z'-set, so it exists trivially. The 
interesting thing is to show that it is resolvable.) 

Theorem 5.2. A resolvable [v,1, 1)-BIBD exists if and only ifv is an even integer 
and v > 4. 

Proof. Clearly it is necessary that v is even and v > 4. We construct a re- 
solvable (z7, 2, 1)-BIBD for all such v as follows: Take the set of points to be 
Zj,_j U {oo}. For; € define 

IT; = {{oo,;}} U {{i + j mod (v — 1),; — i mod (v — 1)} : 1 < i < (v — 2)/2}. 

It is not difficult to see that each IT; is a parallel class, and each pair of points 
occurs in exactly one IT;. Hence, we have a resolvable BIBD, as required. □ 

Example 5.3. A resolvable (6,2, 1)-BIBD. The parallel classes are as follows: 

n 0 = {{oo, 0}, {1,4}, {2,3}} 
n a = {{°°, 1}, {2,0}, {3,4}} 
n 2 = {{ 00 , 2 }, {3,1}, {4,0}} 
n 3 = {{~,3},{4,2},{0,l}} 
n 4 = {{00,4}, {0,3}, {1,2}}. 

I 
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5.2 Affine Planes and Geometries 

Recall from Section 2.3 that an affine plane of order n > 2 is an (n 2 , n, 1 )- 
BIBD. An affine plane of order n has r = n + 1 and b = n 2 + n. Theorem 2.13 
asserts that affine planes exist for all prime power orders because they are 
residual BIBDs of projective planes. Affine planes of prime power order are 
also easy to construct directly; we prove the following theorem. 

Theorem 5.4. For any prime power q, there exists an affine plane of order q (i.e., a 
(q 2 ,q, 1)-BIBD). 

Proof. Define P = F 1? x F 1? . For any a,b G F^, define a block 
L a ,b = {(x,y) GP:y = ax + b}. 

For any c G F^, define 

W = {(cy) :y g FJ. 

Finally, define 

C = {L a h : a, b G F,} U {Loo, c ■ c G F,}. 

We will show that (P, C) is a ( q 2 ,q , 1)-BIBD. 

Clearly, there are q 2 points in P, and every block contains exactly q points. 
Flence, we need only show that every pair of points is contained in a unique 
block. Let (x\,y\), (x^yf) G P. We consider two cases: 

1. If x\ = X 2 , then the unique block containing the pair {{x\,y\),{x2,y2)} is 

LcO,Xi ■ 

2. If x\ f X 2 , consider the system of equations in Fy 

xjx = ax i + b 
\j 2 = ax 2 + b. 

We will show that this system of equations has a unique solution for a 
and b. Subtracting the second equation from the first, we obtain 

yi -y 2 = a(x 1 -X 2 ). 

Since X\ f X 2 , there is a unique multiplicative inverse (x-\ — x 2 ) ~ 1 G F^. 
Multiply both sides of the previous equation by {x\ — X 2 ) -1 , obtaining 

a = (*1 - j 2 ) _1 (yi -yi)- 

Flaving determined a, it is a simple matter to determine b by back- 
substitution: 

b = yi - axi = yi - {x x - x 2 ) _1 (yi - y 2 )M- 

Therefore, the unique block containing the pair {(x\,y{), (x 2 ,y 2 )} is L a j,, 
where a and b are computed from the formulas above. 
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Summarizing, we have shown that (P, C) is a (q 2 , q, 1)-BIBD. □ 

Example 5.5. We use Theorem 5.4 to construct an affine plane of order 3. The 
set of points is Z 3 x Z 3 , and the blocks are as follows: 

4,0 = {( 0 , 0 ), ( 1 , 0 ), ( 2 , 0 )} 

4,1 = {( 0 , 1 ), ( 1 , 1 ), ( 2 , 1 )} 

4,2 = {(0,2), (1,2), (2,2)} 

4.0 = {(0,0), (1, 1), (2,2)} 

L u = {(0,1), (1,2), (2,0)} 

4,2 = {( 0 , 2 ), ( 1 , 0 ), ( 2 , 1 )} 

4.0 = {( 0 , 0 ), ( 1 , 2 ), ( 2 , 1 )} 

4,1 = {( 0 , 1 ), ( 1 , 0 ), ( 2 , 2 )} 

4,2 = {( 0 , 2 ), ( 1 , 1 ), ( 2 , 0 )} 

Loo , 0 = {( 0 , 0 ), ( 0 , 1 ), ( 0 , 2 )} 

Loop = {( 1 , 0 ), ( 1 , 1 ), ( 1 , 2 )} 

Loo , 2 = {( 2 , 0 ), ( 2 , 1 ), ( 2 , 2 )}. 

I 

At this point, we have two constructions for affine planes of prime power 
order: the direct construction given in Theorem 5.4 and forming the residual 
BIBD of the projective plane PG?(4 constructed in Theorem 2.10. With a bit 
of work, we can show that these two constructions of affine planes of order 
q (q a prime power) yield isomorphic BIBDs. 

First, it is not difficult to show that all affine planes constructed as resid- 
ual designs of the projective plane P G 2 ( c/ j are isomorphic. In other words, it 
does not matter which block in P G 2 4/ j we use to construct the residual de- 
sign. Therefore, we can suppose without loss of generality that we choose 
the block Ag 0 corresponding to the two-dimensional subspace 

Bo = {(x lr x 2 ,x 3 ) G (IF ,) 3 : (0,0,1) • (x lr x 2 ,x 3 ) = 0} 

of (IF ,) 3 (i.e., the subspace B 0 = span((l,0,0), (0, 1,0))). The points in the 
block Ag 0 are the following one-dimensional subspaces of (IF,) 3 : 

span((l, i,0)),z G F,, and 
span((0, 1,0)). 

The q 2 points not in Ag 0 are 

span((j, y,l)),x,y G F,. 

Let (P,C) = (F, x F,, {4,b ■ a, b G F,} U {Loo, c : c G F,}) be the affine 
plane of order q constructed in Theorem 5.4. We will show that the bijection 
a, defined by 
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(x,y) ^ span((x, y, 1)) 

for all (x,y) G P, yields an isomorphism of the affine plane (P, C) and the 
residual BIBD of PG 2 (q) through the block A Bg . 

We must demonstrate that blocks are mapped to blocks under the bijec- 
tion a. The q 2 + q blocks (other than Af) in PG 2 (^ 7 j are obtained from the 
following two-dimensional subspaces: 

B a ,b = {{xi,X 2 ,x 3 ) G (F,j ) 3 : (a,-l,b) ■ (x lr x 2 ,x 3 ) = 0},a,b G F ? , and 
B c = { (x\,x 2 , x 3 ) G (Fq) 3 : (1,0, -c) • (*i,x 2 ,x 3 ) = 0}, c G F q . 

(To see this, observe that these q 2 + q subspaces are distinct, and different 
from Bq.) 

Let a, b G F ? . The q + 1 points in the block A Bj h of PG 2 (^) are 

span((x,flx + b, l)),x G F^, and 
span((l,«,0)). 

The point span((l,fl, 0)) is deleted from A Bab when the residual design is 
constructed, and x{x,ax + b) = span ((x,ax + b, 1)) for all x G F^. Thus the 
block L„ j, is mapped by a to the block 

Finally, let's consider a block A Bc , where c G Hy. The q + 1 points in this 
block are 

span((c,y,l)),y G F q , and 
span((0, 1,0)). 

The point span((0, 1,0)) is deleted from A Bc when the residual design is con- 
structed, and a(c,y) = span((c,y, 1)) for all y G F ? . Thus the block Lco /C is 
mapped by a to the block 



A B( ,\{span((0,l,0))}. 

We have therefore shown that the two designs are isomorphic. 

5.2.1 Resolvability of Affine Planes 

Affine planes provide interesting examples of resolvable BIBDs because any 
affine plane can be shown to be resolvable. The main steps in proving this 
are as follows. First, the following lemma is proved by a simple counting 
argument. 

Lemma 5.6. Suppose ( P , C) is an affine plane of order n. Suppose L G C, x G P, 
and x L. Then there is exactly one block M G C such that x G M and LnM = 0. 
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Proof. (P, £) is a BIBD with k = n and A = 1. Hence, for every point y G L, 
there is a unique block L v such that x G L v and L fl L y = {y}. This accounts 
for n blocks containing the point x. Since r = n + 1, there is one further block 
containing x, say M, and L n M = 0. □ 

Now, suppose that ( P , C) is an affine plane of order n, and define a binary 
relation ~ on the set of blocks, C, as follows: 

L^M if L = M or LnM = 0. 

The following can now be proved. 

Lemma 5.7. Suppose (X, C) is an affine plane of order n. Then the relation ~, as 
defined above, is an equivalence relation. 

Proof. We need to show that ~ is reflexive, symmetric, and transitive. First, 
L ~ L for every Let by definition. Second, it follows easily from the def- 
inition that L ~ M if and only if M ~ L. Third, suppose that L ~ M and 
M ~ N. There are four cases that arise: 

1. If L = M and M = N, then L = N and hence L ~ N. 

2. If L = M and M n N = 0, then LflN = 0 and hence L ~ N. 

3. If L fl M = 0 and M = N, then LflN = 0 and hence L ~ N. 

4. Suppose LnM = 0 and M fl N = 0. If L = N, then L ~ N, so suppose 
L N. In this case, we want to prove that LCiN = 0. If it does not, 
then there is a unique point x € LflN. Now, L and N are two blocks 
that contain the point x and are both disjoint from M. This contradicts 
Lemma 5.6, so we conclude that L n N = 0 and hence L ~ N . 

We have proved that ~ is reflexive, symmetric, and transitive, and hence it is 
an equivalence relation. □ 

The next step is to prove the following. 

Lemma 5.8. Suppose (X, C) is an affine plane of order n. Then each equivalence 
class o/~ is a parallel class in (X, C). 

Proof. Let n be an equivalence class of ~ and let Lgh Then, 

n = {M G £ : L ~ M}. 

Clearly, all the blocks in n are disjoint. Furthermore, for any point x, Lemma 
5.6 tells us that there exists a block Men such that i G M. It follows that 
each equivalence class of ~ is a partition of X. □ 

Using this lemma, it is easy to see that (X, C) is resolvable, as follows. 

Theorem 5.9. Any affine plane is resolvable. 
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Proof. By Lemma 5.8, each equivalence class of ~ is a parallel class of the 
BIBD. Also, every block of the BIBD is in exactly one equivalence class of 
Therefore, the equivalence classes of ~ form a resolution of the affine plane. 

□ 

In the case of the affine planes of prime order that we constructed in The- 
orem 5.4, it is easy to determine the parallel classes. For any a £ F (; , 

{L a ,b '■ b € IFjj} 

is a parallel class. Furthermore, 

{ • c £ } 

is a parallel class. These q + 1 parallel classes form a resolution of the BIBD. 
Observe that each of these parallel classes consists of all "lines" having a 
given "slope". In this fashion, the finite affine planes can be thought of as 
finite analogs of the classical real Euclidean plane. 

5.2.2 Projective and Affine Planes 

Recall that a projective plane of order n is an (n 2 + n 4- 1 , f? + 1 , 1 j-BIBD. The 
next theorem establishes a close connection between affine and projective 
planes. 

Theorem 5.10. There exists an affine plane of order n if and only if there exists a 
projective plane of order n. 

Proof. First, the residual BIBD of a projective plane of order n is an affine 
plane of order n by Theorem 2.7. Conversely, given any affine plane of or- 
der n, we will show how to embed it into a projective plane of order n. 
Let (X, C) be an affine plane of order n. By Theorem 5.9, (X, C) is resolv- 
able; let Tl \, . . . , n„ + i be the n + 1 parallel classes. Let oo 1 , . . . , oo J!+1 ^ X, 
define Q = {ocq, . . . ,oo n+1 }, and define X' = X U O. For every L G C, 
define L' = LU {oo ( - }, where L £ Tl, (in other words, adjoin the point 
oo, to every block in the zth parallel class, 1 < i < n + 1). Finally, define 
£' = {L':Le£}U{n}. 

We show that {X' , £') is a projective plane of order n. There are n 2 + n + 1 
points, and every block contains exactly n + 1 points. Thus we need only to 
show that every pair of points x,y £ X 1 (x f y) occurs in a unique block. 
If x, y £ X, then x and y occur in a unique block L £ C, and hence x and y 
occur in a unique block in C ! , namely L'. If x £ X and y £ O, say y = oo ( , 
then {x, y} C ll , where L is the unique block in IT, that contains x. Finally, if 
x = oo,- and y = oo j r then { x,y } CO. □ 
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Example 5.11. The affine plane of order 3 constructed in Example 5.5 can 
be embedded into a projective plane of order 3 consisting of the following 
blocks: 

4.0 = {(0,0), (1,0), (2,0), oor} 

4.1 = {(0,1), (1,1), (2,1), 004} 

4.2 = { (0/ 2)/ (1/ 2)/ (2/ 2)/ °oi} 

4.0 = { (0, 0), (1, 1), (2, 2), oo 2 } 

4.1 = {(0,1), (1/2), (2,0),oo 2 } 

4.2 = {(0,2), (1,0), (2,1), oo 2 } 

4,o = {(0,0), (1,2), (2,1), oo 3 } 

4,r = {(0,1), (1,0), (2, 2), 003} 

4,2 = {(0,2), (1,1), (2,0), 003} 

4o,o = {(0,0), (0,1), (0,2), 004} 

1-00,1 = 1(1/°)/ (1/1)/ (1/2),°o 4 } 

40.2 = {(2,0), (2,1), (2, 2), 004} 

n = {00^002, 003,004}. 

I 



5.2.3 Affine Geometries 



In this section, we generalize the construction of affine planes to higher di- 
mensional affine geometries. We use a slightly different presentation. Let q 
be a prime power, let m > 2, and let X = (F 1? ) m . Let 1 < d < m — l.A d-flat 
in X is a subspace of X having dimension d or an additive coset of such a 
subspace. Note that X itself is a vector space of dimension m over Ily. 

A d-dimensional subspace is the same thing as the solution set to a system 
of m — d linearly independent homogeneous linear equations in in variables 
X], , x m £ F,|. A d-flat is the solution set to a system of m d independent 
linear equations, which can be homogeneous or nonhomogeneous. 

The set of points X and the set of all d-flats of X (for 1 < d < m — 1) 
comprise the m-dimensional affine geometry over F^, which will be denoted 
AG m(q)- 



Lor 0 < d < m, define the Gaussian coefficient 




as follows: 




1 



ifd ^0 
if d = 0. 



The geometry AG m (q) gives rise to various resolvable BIBDs, as shown in the 
following theorem. 
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Theorem 5.12. Let q be a prime power, let m > 2, and let 1 < d < m — 1. Let X 
denote the set of points in AG m (q) and let A denote the set of all d-flats in AG miff)- 

Then (X,A) is a resolvable ( q m ,b , r , q d , \)-BIBD , where b = q' n ~ 



r = 



m 

d 



and A = 



m — 1 
d - 1 ' 

J q 



Proof. The fact that this set system is resolvable is easy to see because any 
subspace together with all of its cosets forms a parallel class. Therefore, we 
just need to prove that the design is a BIBD. 

First, we show that every pair of points occurs in A blocks, where A = 
TYl — 1 

, .j . Suppose that x = (x\, . . . , x m ) and y = (y . . . ,y m ) are any two 

distinct points. The number of d-flats that contain x and y is the same as the 
number of d-dimensional subspaces that contain the two points (0, . . .,0) 
and z = x — y. A subspace of dimension d that contains z is determined by 
choosing d — 1 vectors, say z 2 , . . . , z d , such that z, z 2 , . . . , z d are d linearly in- 
dependent vectors. Denote z 1 = z; then the d-tuple (z 1 , . . . , z d ) is an ordered 
basis for a subspace containing z. The number of ordered bases of this type 
is easily seen to be 



{q>n~q)(q>n-q>)... { q>n_ q ^f 



The terms in the product above are determined as follows: there are q m — q 
vectors in (Z, ; ) m that are not scalar multiples of z 1 ; there are q m — q 2 vectors 
that are not in span(z 1 , z 2 ); etc. 

Now, a similar argument shows that every subspace containing z is gen- 
erated by a constant number of ordered bases of this form, namely 

{q d -q)(q d -q 2 )...(q d -q d ~\ 



The total number of subspaces containing z is therefore equal to 
{q m - q)(q m - q 2 ) ■ ■ ■ (, q m - q d ~ x ) _ ( q m ~ 1 - 1 )(q m ~ 2 -!)••• ( q m ~ d+1 - 1) 



iq d - q)(q d - r) ■ ■ ■ (q - q d ~ x ) 



— 1 ){q d ~ 2 — 1) 

m — 1 
d - 1 . 

J 7 



(q- 1 ) 



= A. 



Now, it is easy to see that every block has size q d . Given that k and A are 
constants, it follows that we have a BIBD, and the parameters b and r can be 
determined by straightforward algebra. □ 

The construction above includes affine planes in the special case m = 2, 
d = 1. A line in the affine plane is the same thing as a 1-flat in AG 2 (q). Here 
is an example of this construction with d > 1 . 
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Example 5 . 13 . Suppose we take q = 3, m = 3, and d = 2 in Theorem 5.12. The 
resulting BIBD is a resolvable (27, 39, 13, 9,4)-BIBD. There are r = 13 parallel 
classes, each of which contains one two-dimensional subspace of (Z3) 3 and 
its two cosets. 

The thirteen two-dimensional subspaces of (Z3) 3 are the solutions to ho- 
mogeneous linear equations over Z3 in three variables. These are tabulated 
as follows: 

equation subspace 

^0 {000, 001, 002, 010, Oil, 012, 020, 021, 022} 

x 2 = 0 {000, 001, 002, 100, 101, 102, 200, 201, 202} 

x 3 = 0 {000, 010, 020, 100, 110, 120, 200, 210, 220} 

x 1 +x 2 = 0 {000,001,002,120,121,122,210,211,212} 

x 1 +2x 2 = 0 {000,001,002,110,111,112,220,221,222} 

x 1 +x 3 = 0 {000,010,020,102,112,122,201,211,221} 

X! +2x 3 = 0 {000,010,020,101,111,121,202,212,222} 

x 2 + x 3 =0 {000,100,200,012,112,212,021,121,221} 

x 2 + 2x 3 = 0 {000, 100, 200, 011,111,211, 022, 122, 222} 

X!+X 2 + X 3 = 0 {000,111,222,012,120,201,021,102,210} 
x a + x 2 + 2x 3 = 0 {000, 112,221,011, 120,202,022, 101,210} 
x a + 2x 2 + x 3 = 0 {000, 121,212,011, 102,220,022, 110,201} 
xi + 2x 2 + 2x 3 = 0 {000,211, 122, 101,012,220,202, 110,021} 

I 

Recall that we showed in Theorem 5.9 that any affine plane is resolvable. 
However, this result does not carry over to all designs having parameters as 
given in Theorem 5.12. It turns out that, if d > 1, there are BIBDs having 
parameters of the given form that are not resolvable. For example, there exist 
(8, 4,3)-BIBDs that are not resolvable. 

5.3 Bose's Inequality and Affine Resolvable BIBDs 

The following inequality of Bose provides a necessary condition for the exis- 
tence of a resolvable BIBD. 

Theorem 5.14 (Bose's Inequality). If there exists a resolvable (v,b,r,k, A)- 
BIBD, then b > v + r — 1. 

Proof. We again use the technique of Theorem 1.33 and Theorem 2.2. In the 
proof of Theorem 1.33, Equation (1.5) showed that each basis vector e, £ !R" 
can be expressed as a linear combination of the vectors in S = {si, . . . , S/,}. 
We are now given a resolvable BIBD, (X, A). For 1 < i < r, define 

(z — l)v „ , iv 

nij = i I- 1 and zz; = — . 

K K 
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Suppose that the blocks are labeled so that the r parallel classes are 

n, = {Aj : nij <j< «,}, 

1 < i < r. Since each n, is a parallel class, we have that 

E 8/=( 1 1) 

i=m 

for 1 < i < r. From this, it follows that 

111 n i 

S rm = E s ; “ E s ; (5- 1 ) 

j=m\ j=nii + 1 

for 2 < i < r. In other words, the r — 1 vectors in the set 

S = {S ff ; 2 , • • • , 

can be expressed as linear combinations of the b — r + 1 vectors in S\S'. 

Now, since the b vectors in S span IR 1 ’, it follows that the b — r + 1 vectors 
in S\S' span IR ?I . Since TR 7 ’ has dimension v and is spanned by a set of b r + 1 
vectors, it must be the case that b > v — r + 1. □ 

Recall that Fisher's Inequality (Theorem 1.33) says that b > v in any BIBD. 
Bose's Inequality strengthens Fisher's Inequality whenever the BIBD is re- 
solvable. 

The following lemma provides an alternate way of stating Bose's Inequal- 
ity. 

Lemma 5.15. Suppose (v, b, r,k,A) are the parameters of a BIBD. Then b > v + 
r — 1 if and only ifr>k + A. 

Proof. Suppose that b > v + r — 1. This implies that b > v and hence r > k. 
Then we have the following: 



vr 



k 

v(r — k) 



> v + r — 1 



v > 



> r — 1 
k{r — 1) 



r — k 



r(k — 1) + A k(r — 1) 
A ~ r — k 

r(k — l)(r — k) + A (r — k)> Ak(r — 1) 
r(k — 1 )(r — k) > Ar(k — 1) 
r — k> A. 



□ 
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Corollary 5.16. If there exists a resolvable (v, b, r,k, A)-BIBD, then r >k + A. 

The results above motivate the following definition. 

Definition 5.17. A resolvable BIBD with b = v + r — 1 (or, equivalently, if r = 
k + A) is said to be an affine resolvable BIBD. 



Affine planes are affine resolvable because r = n + 1 = k + A. More 
generally, we obtain an affine resolvable BIBD from Theorem 5.12 whenever 
d = m — 1 . This follows by verifying that 



q m - 1 
q-1 



m 

m — 1 

J <7 



= q 



m — 1 



m — 1 
m —2 



= R 



m — 1 



q m ~ x - 1 

< 7-1 ' 



which can be done by simple algebra. Thus we have the following result. 

Corollary 5.18. Let q be a prime power and let m > 2. Then there is an affine 
resolvable (q m ,q m ~ 1 ,A)-BIBD, where A = ( q m_1 — l)/(q — 1). 



Observe that affine resolvable BIBDs are quasiresidual. In Corollary 2.15, 
we already constructed residual BIBDs having the same parameters as those 
from Corollary 5.18. It can be shown that the BIBDs obtained from these two 
corollaries are, in fact, isomorphic. 

There are not many other known constructions for affine resolvable BIBDs. 
One such infinite class of affine resolvable BIBDs is derived from Hadamard 
matrices. We show how to construct this class of designs now. 

We know from Theorem 4.5 that a Hadamard matrix of order Am is equiv- 
alent to a (symmetric) (Am — 1,2 m — 1 ,m — 1)-BIBD, say (X, A). Applying 
Theorem 1.32, the block complement of (X, A) is a (Am — 1, 2m, »z)-BIBD, say 
(X, B). Let oo f X, and define X' = X U {oo}. For every A £ A, define 
A' = A U {oo}, and define A! = {A 1 : A £ A}. Then it is not hard to prove 
that (X' , A' U B) is an affine resolvable (Am, 8m — 2, Am — 1,2m, 2m — 1)-BIBD, 
where each parallel class consists of two blocks. Thus we have the following. 

Theorem 5.19. If there exists a Hadamard matrix of order Am, then there exists an 
affine resolvable (Am, 2m, 2m — 1)-BIBD. 

Example 5.20. {1,2,4} is a (7, 3,1) -difference set in Z 7 which generates a 
(7, 3, 1)-BIBD. The affine resolvable (8,4,3)-BIBD produced by the construc- 
tion preceding Theorem 5.19 has the following blocks: 



{oo,l,2,4} {0, 3, 5,6} 
{ 00 , 2, 3,5} {1,4, 6,0} 
{05,3,4,6} {2, 5, 0,1} 
{«5,4,5,0} {3,6, 1,2} 
{05,5,6,1} {4, 0,2, 3} 
{05,6,0,2} {5, 1,3,4} 
{05,0,1,3} {6,2, 4,5}. 



I 
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Recall that Theorem 2.2 states that any two distinct blocks in a symmetric 
BIBD intersect in exactly A points. There is a similar result for affine resolv- 
able BIBDs. 

Theorem 5.21. Any tzvo blocks from different parallel classes of an affine resolvable 
(v,k, A)-BIBD intersect in exactly k 2 / v points. 

Proof. We will show that \A\C\ A f = k 2 /v for m 2 < j < b. We start by setting 
h = 1 in Equation (2.1): 



b \k b 

(r-A) Sl + £— s/ = J2\Ai^Aj\sj. (5.2) 

/'= 1 7=1 

Using Equation (1.2), which states that £ s • = (r, . . . , r), and the fact that Eli 
is a parallel class, we can rewrite Equation (5.2) as follows: 

(r - A)si + Yj Xks i = E \ A l nA j\ s j- ( 5 - 3 ) 

j=m\ ] : =1 

In the proof of Theorem 5.14, we showed that the b — r + 1 vectors in S\S' 
span IRA Since we are now assuming that b = v — r + 1, it must be the case 
that S\S' is a basis for IRA 

Equation (5.3) can be rewritten in terms of the basis S\S'. This can be 
done by using Equation (5.1) to eliminate the vectors in S' from the right side 
of Equation (5.3). (Note that none of the vectors in S' appear on the left side 
of Equation (5.3).) Denote fj = {m\, . . . ,n\}, I 2 = {/«; : 2 < i < r}, and 

l 3 = {l b}\(JiUJ 2 ). 

We obtain the following: 

(r — A) si + Y xks j 
7'eh 

= E \ A irtAj\sj+ Y \ A i r\Aj\sj+ Y IMnAjlsj 

jeh jel 2 jel 3 

r 

= Y \ A 1 t3 Aj | S j + Y \ A 1 n A mj\s mi + Y \ Al n ^/l s ; 

jeh i = 2 jei 3 

= E l^l nA /l s / + El^l nA m,l ( E s 7 “ E s 7 ) 

jeh i = 2 \jeh ;'=m ; +l / 

+ E 1^1 n A j\ s j- 

jzi 3 



Now, consider the coefficient of a vector sy, j € 1 3. For any such j, we have 
m 1 + 1 < j < nj for some i, 2 < i < r. The coefficient of s ; on the left side of 
the equation above is 0, and the coefficient on the right side is 
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\AinAj\ - \Ai n A nij \. 

Since S\S' is a basis, it must be the case that \A\ Ci Ap \ — \ A\ n A mi | = 0, so 
|AiflA ; -| = \AinAm.\. 

It follows that there exists a constant }i such that \ A \ C Ap\ = pi for all j, 
m i < / < n,-. Since FI is a parallel class consisting of v/k blocks, we have 

k=\Ai\ = E \AinAj] = *p 

j= m i 

so pi = k 2 /v. This completes the proof. □ 

We present an example to illustrate how Theorem 5.21 can be used to 
show that certain resolvable BIBDs do not exist. 

Example 5.22. A resolvable (28, 7, 2)-BIBD would have r = 9 and b = 63. 
Since 9 = 7 + 2 (i.e., r = k + A), a resolvable (28, 7, 2)-BIBD would be affine 
resolvable. By Theorem 5.21, any two blocks from different parallel classes 
would intersect in k 2 /v = 7/4 points. Since 7 /4 is not an integer, there does 
not exist a resolvable (28, 7, 2)-BIBD. (We note, however, that there do exist 
(28, 7,2)-BIBDs that are not resolvable.) I 

Finally, we describe a convenient way to parameterize affine resolvable 
BIBDs. In an affine resolvable BIBD, we write pi = k 2 /v. As above, pi must be 
an integer. Now, the number of blocks in a parallel class is 

v k 
k pi' 

so it must be the case that k = 0 mod pi. If we write n - k/ pi, then we have 

k 2 2 

v = — = n pi. 

V 

Now, let us proceed to express A in terms of n and pi. Since A(z> — 1) = r(k — 1) 
and r = k + A, we have 



A(p-l) = (k + A) (k — 1) 



and hence 



Thus 



A = 



A(z; — k) = k(k — 1). 
k(k — l) npi(npi — 1) npi — 1 



v — k n 2 pi — npi n — 1 
Any affine resolvable BIBD must have parameters of the form 
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( 2 n]i- 1\ 

[ n V’ n V'-^T)' 

and, conversely, any resolvable BIBD having parameters of this form is 
affine resolvable. We will denote such a BIBD as an (n, /p-ARBIBD. The de- 
signs constructed in Theorem 5.19 are (2, m)-ARBIBDs, and those obtained 
from Corollary 5.18 are (q, ^ m-1 )-ARBIBDs. For example, we constructed an 
affine resolvable (27,9,4)-BIBD in Example 5.13. This is denoted as a (3,3)- 
ARBIBD. 

5.3.1 Symmetric BIBDs from Affine Resolvable BIBDs 

In this section, we present a construction of certain symmetric BIBDs from 
affine resolvable BIBDs. Suppose that there is an affine resolvable (v, b, r, k , A)- 
BIBD, say (X, .4), having parallel classes Tli, ..., IT,-. Let X = {x; : 1 < i < v}. 
We define several vxv matrices, denoted Mi, . . . , M r , as follows. Let 1 <h< 
r. Then M /, = (mj-B), where 




if there exists A e Tl h such that x\, Xj € A 
otherwise. 



Let Mo be a v x v matrix of zeroes, and define M to be the following (r + 
l)v x (r + l)v matrix: 



M = 



( Mo Mi M2 • • • 
Mi M2 M3 • • • 
M2 M3 M4 • • • 



Mr \ 

M 0 

Mi 



\ M r M 0 Ml ■ • • M,._1 ) 



The matrix M, as described above, can be shown to be the incidence matrix 
of a symmetric BIBD. Therefore, we have the following result. 

Theorem 5.23. Suppose there exists an affine resolvable (v,b,r,k, A)-BIBD. Then 
there exists a (symmetric) (( r + l)v,kr,kA)-B\BD. 

The following corollary is obtained by using affine planes of prime power 
order in Theorem 5.23. 



Corollary 5.24. Suppose that q is a prime power. Then there exists a (symmetric) 
(q 2 (q + 2),q(q + l),q)-B\BD. 

Example 5.25. Lrom an affine plane of order 3, we can construct a (symmetric) 
(45, 12,3)-BIBD. Suppose we start with the (9, 3, 1)-BIBD presented in Exam- 
ple 1.4. The four parallel classes are easily seen to be the following: 
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n x = {123,456,789}, 
n, = {147,258,369}, 
n 3 = {159,267,348}, and 
n 4 = {168,249,357}. 



The matrices M \ and M 2 are as follows: 



Mi 



/I 1 1000000\ 
111000000 
111000000 
000111000 
000111000 
000111000 
000000111 
000000111 
\0 0 0 0 0 0 1 1 1 / 



and 



m 2 



/ 100100100 \ 
010010010 
001001001 
100100100 
010010010 
001001001 
100100100 
010010010 
\oo 1 0 0 1 0 0 1/ 



The matrices M 3 and M 4 are constructed in a 
matrix 



M = 



( Mg Ml M 2 M 3 
Mi M 2 M 3 M 4 
M, M 3 M 4 Mg 
M 3 M 4 Mg Mi 



similar fashion, and then the 

M 4 \ 

M 0 

Mi 

M 2 



y M4 Mg Mi M2 M3 / 



is the incidence matrix of a (45, 12, 3)-BIBD. 



I 



5.4 Orthogonal Resolutions 

Suppose (X, A) is a (v,k, A)-BIBD. Suppose that TIi, . . .,Tl r are the parallel 
classes in a resolution of (X, A), and suppose that TT} , . . . , TT) are the parallel 
classes in a second resolution of (X, hi). These two resolutions of (X, hi) are 
orthogonal resolutions if |TTy n IT} < 1 for all 1 < j,h < r. (In other words, no 
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two parallel classes, one from each resolution, contain more than one block 
in common.) 

Closely related to the notion of orthogonal resolutions is an object called 
a "generalized Room square", which we define now. 

Definition 5.26. Suppose that v, k, and A are integers with 2 < k < v and A > 1. 
A generalized Room square GRS(v,k, A) is an r by r array (inhere r = \(v — 
1) / (k — 1)), say R, that satisfies the following properties: 

1. each cell ofR either is empty or contains a k-subset of a set X ofv points; 

2. every point appears in exactly one cell in each row (or column) ofR; 

3. (X,A) is a (v,k, A)-BIBD, where the set of blocks A is obtained from the 
nonempty cells ofR. 

Theorem 5.27. There exists a GRS (v,k,A) if and only if there exists a (v,k, A)- 
BIBD having orthogonal resolutions. 

Proof. It is clear that the nonempty cells in each row (column, respectively) of 
a GRS(i;,A:,A) yield a parallel class of the (v,k, A)-BIBD. The set of all parallel 
classes formed from the rows (columns, resp.) of the GRS comprise a resolu- 
tion of the ( v,k , A)-BIBD. Furthermore, these two resolutions are orthogonal: 
two parallel classes (one from each resolution) contain one common block if 
the cell that is the intersection of the corresponding row and column in the 
GRS is nonempty; and they have no blocks in common otherwise. 

Conversely, suppose we have two orthogonal resolutions of a (v, k, A)- 
BIBD, say FI, (1 < i < r) and IT' (1 < j < r), where, as usual, r is 
the replication number of the BIBD. Construct an r by r array, R, in which 
R(i, j) = IT, n n' for 1 < i,j < r. It is easy to see that the array R is a 
GRS(v,k, A). □ 

Example 5.28. We exhibit a GRS (8, 2, 1): 



ooO 






64 




32 


51 


m 
























m 








ES 








Kil 








m 
























n 


g] 


n 









This generalized Room square is equivalent to two orthogonal resolutions of 
an (8, 2, 1)-BIBD, denoted by IT, (0 < i < 6) and FI' (0 < i < 6), respectively, 
which are depicted in Figure 5.1. S 

It is trivial to show that a GRS (4, 2, 1) does not exist. It is also true, but not 
so easy to prove, thata GRS(6,2,1) does not exist. Therefore, the GRS(8,2,1) 
presented in Example 5.28 is the smallest GRS(iy 2, 1) that exists. 
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n 0 


= {oo0,64,32,51} 


n o = 


{oo0,62,31,54} 


Hi 


= {ool,05,43,62} 


n i = 


{ool,03,42,65} 


n 2 


= {oo2,16,54,03} 


n 2 = 


{oo2, 14,53,06} 


n 3 


= {oo3, 20,65, 14} 


n 3 = 


{oo3,25,64,10} 


n 4 


= {oo4,31,06,25} 


n 4 = 


{oo4,36,05,21} 


n 5 


= {oo5,42,10,36} 


n 5 = 


{oo5,40,16,32} 


n 6 


= {oo6,53,21,40} 


n 6 = 


{oo6,51,20,43}. 


Fig 


. 5.1. Orthogonal Resolutions of 


an (8,2, 1)-BIBD 



We next describe a technique whereby infinite classes of GRS(p,2, 1) can 
be constructed. First, we require a definition. Suppose that G is an additive 
Abelian group of order n, where n is odd. A strong starter in G is a set of (n — 
l )/2 unordered pairs {{s,-, t,} : 1 </<(« — 1 ) / 2 } such that the following 
properties are satisfied: 

1. {8^:1 <;<(« — 1)/2} = G\{0}; 

2. {±( S/ - U) : 1 < i < (n — l)/2} = G\{0}; 

3. Sj + tj^0 for all z; and s,- + f,- ^ Sy + tj if i f j. 

As an example, it is easy to verify that { {3, 2}, { 6 , 4}, {5, 1} } is a strong starter 
in the group (Z 7 , + ). 

We have the following construction method for GRS(zz, 2, 1) using strong 
starters. 

Theorem 5.29. Suppose that G is an additive Abelian group of order n, where n is 
odd, and suppose that there exists a strong starter in G. Then there is a GRS(n + 
1 , 2 , 1 ). 

Proof. Let S be a strong starter in G. We construct an n by n array, denoted 
R, the rows and columns of which are indexed by the elements of G. The 
points in R will be the elements in G U { 00 }, where 00 <0 G. Here is how R is 
constructed: For all g € G, place the pair { 00 , y} in R (g, g ) ; and for all g G G 
and all {s, t} G S, place the pair {s + g, t + y} in R(g, s + t + g). 

It is not hard to see that every cell of R contains an unordered pair of 
points or is empty (this follows from property 3 of a strong starter). It is also 
easy to see that every unordered pair of points occurs in exactly one cell of 
R (this follows from property 2 of a strong starter). The fact that row 0 of R 
contains each point follows from property 1 of a strong starter. From this, it 
is easy to see that every row of R contains each point. 

Thus it remains only to show that each column of R contains each point. 
Consider column 0. It is not hard to see that the pairs occurring in column 0 
are { 00 , 0} and {— s, — t} for all {s, t} G S. Property 1 of a strong starter then 
can be used to show that every point occurs in column 0 of R. From this, it is 
easy to see that every column of R contains each point. □ 

Strong starters in many finite fields can be constructed by the following 
method due to Mullin and Nemeth. 
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Theorem 5.30 (Mullin-Nemeth Strong Starters). Suppose that q = 2 a b + 1 is 

an odd prime power, where a is a positive integer and b > 1 is odd. Then there exists 
a strong starter in (F ? , +). 

Proof. We use notation introduced in Section 3.6. Let co be a primitive element 
of F q, and define 

H = {co 2 "’ : 0 < i < b — 1}. 

H is a subgroup of the multiplicative group (F l? \{0}, •) having order b. De- 
note the cosets of H by Hq, . . . , H^-i, where Hj = u dH, 0 < j < 2 a — 1. 

Now define 

2 fl - 1 — l 

H-= |J ", 

;=0 

and 

S = {{x,cv 2 “ 1 x} : x G H*}. 

We will show that S is the desired strong starter. 

First, we observe that co 2 " 1 G H 2 a- i, which implies that 

[l,co 2a ^]oH* =G\{0}. 

This implies that {s f,} = G\{0}. 

Next, we observe that —1 = a> 2 " h . Using the fact that b is odd, it is easy 
to show that 2"' ] b mod 2" = 2 fl_1 , and hence —1 G H 2 a- 1 . This implies that 

[1,-1] oH* = G\{0}. 

Also, u) 2 “ 1 f 1 . It follows from these observations that 

{±{ Si -ti)}= MolZ-'-lloH* 

= [a; 2 '" 1 - 1] O G\{0} 

= G\{0}. 

It is also true that co 2 " ' / -1 because b > 1. Then, in a similar fashion, 
we see that 

{±(s/ + ff)} = [1, —1] o [co 2 “~ l + 1] o H* 

= [cu 2 " 1 + 1] O G\{0} 

= G\{0}. 



This implies that s,- + f, 7^ 0 for all /, and S; + f,- 7^ sy + fy if i 7^ j. This 
completes the proof that S is a strong starter. □ 
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Example 5.31. We construct a strong starter in (Z 13 , +) using Theorem 5.30. 
13 = 2 2 3 + l, so a = 2 and b = 3. cu = 2 is a primitive element of Z 13 and 
H = {3,9, 1}. The cosets of H are 

H 0 = {3,9,1} 

Hi = {6,5,2} 

H 2 = {12,10,4} 

H 3 = {11,7,8}, 

and therefore 

H* = {3,9, 1,6, 5, 2}. 
m 2 " 1 = 4, and the strong starter is 

{{x,4xj : x £ H*} = {{3, 12}, {9, 10}, {1,4}, { 6 , 11}, {5,7}, {2,8}}. 



I 

Let us examine the hypotheses of Theorem 5.30. It is clear that any odd 
prime power q can be written in the form q = 2 a b + 1 , where a and b are 
positive integers and b is odd. Theorem 5.30 can be applied unless b = 1; i.e., 
the only bad cases are when q = 1 a + 1. It is possible to show that the only 
prime powers q of the form 2 a + 1 are the following: 

• q is a Fermat prime. (For an integer n > 0, the M/th Fermat number is 
defined to be F m = 2 2 '" + 1. If F m is prime, it is called a Fermat prime. The 
only known Fermat primes are Fq, F\, F 2 , F 3 , and F 4 .) 

• q = 9. 

There is a bit more that can be said. By a different construction, it can be 
shown that there exists a strong starter in (Z„,+) whenever n is a Fermat 
number F m with m > 2. It is known that there is no strong starter in the 
groups (Z 3 , +), (Z 5 , +), (Z 9 , +), or (Z 3 x Z 3 , +), and it has been conjectured 
that these are the only finite Abelian groups of odd order exceeding 1 that do 
not contain a strong starter. 



5.5 Notes and References 

Furino, Miao, and Yin [46] is a monograph that is devoted to resolvable 
BIBDs and related designs. 

Bose's Inequality was proven in [14]. Shrikhande [94] is a survey on affine 
resolvable designs. Theorem 5.23 is due to Wallis [114]. 

Theorem 5.30 is proven in [82], A GRS(zy 2, 1) is often called a Room square ; 
for a survey of these objects, see Dinitz and Stinson [42]. 
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5.6 Exercises 



5.1 

5.2 

5.3 

5.4 

5.5 



5.6 



5.7 



5.8 



Construct an affine plane of order 4 using the finite field F4, where 

F 4 = Z 2 [x]/(x 2 + x + 1). 

Use a (21, 5, Indifference set to construct a projective plane of order 4. 
Then, construct an affine plane of order 4 from this projective plane, 
and write out the parallel classes in this affine plane. 

Prove that there does not exist a resolvable (n, f , f — l)-BIBD i f 11 = 2 
(mod 4). 

Prove that there exists a resolvable (n, f , f — l)-BIBD if n = 0 (mod 4) 
and a Hadamard matrix of order n exists. 

Let G be the permutation group of order 7 on the set X = {0, . . . , 7} 
that is generated by the permutation a = (0 1 2 3 4 5 6) (7). 

(a) Show that the two orbits containing the blocks {1,2,4, 7} and 
{0, 1,2,4} yield a (7,4,3)-BIBD. 

(b) Prove that this BIBD is not resolvable. 

(a) Suppose there exists a (symmetric) ( , ''X-i ' '^T^ -BIBD, 

say (X, hi), where n > 1 and 11 > 1 are integers. Suppose also 
that the residual BIBD of (X, hi) is affine resolvable. Prove that 

there exists a (symmetric) ( "n~\ , ppry, 7^) -BIBD. 

Hint: The derived BIBD of (X,hl) is a 3y, yprr)- 

BIBD in which every block is repeated n times. 

(b) Suppose that there is an («,/;)-ARBIBD and a \ 

BIBD, where n > 1 and ji > 1 are integers. Prove that there is a 



( jpfi— 1 n 2 /(— 1 n}i—l\ 
n— 1 7 11— 1 7 11— 1 y 



-BIBD. 



This exercise provides a proof of Theorem 5.23. 

(a) Prove that (r — l)p = kA in an affine resolvable BIBD. 

(b) Prove the following regarding the matrices Mi, . . . , M r . 

i. M/M/ 1 = kMi for 1 < i < r. 

ii. M/My T = }ij v for 1 < i,j <r,i^= j. 

iii. Mi + • • • + M r = A/d + (r — AjU. 

(c) Prove that MM T = k\J v ^ r+ ^ + k(r - A)Ij,( r+ i), and hence M is 
the incidence matrix of a symmetric BIBD. 

A strong starter S = {{s;, f;} : 1 < i < (n — l)/2} in an additive group 
G of odd order n is skezv provided that 



{±(s / + ti) : 1 < i < (n - l)/2} = G\{0}. 



Prove that the Mullin-Nemeth strong starters are skew. 

5.9 A starter in an additive group G of odd order n is a set of (n — l)/2 
unordered pairs {{s;, f/} : 1 </<(« — 1) / 2} such that the following 
properties are satisfied: 

(a) {s;, f; : 1 < i < (n — l)/2} = G\{0};and 
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(b) {±( S/ - U) : 1 < i < (n - l)/2} = G\{0}. 

Suppose that S = {{s;,f;} : 1 < i < (n — l)/2} and U = {{u ir Vi} : 
1 < i < (n — l)/2} are both starters in G. Without loss of generality, 
suppose that s,- - f, = w, - v u 1 < i < (n — l)/2, and denote «,• = 
Sj — m,-, 1 < i < (n — l)/2. We say that S and U are orthogonal starters 
provided that a,- ^ 0 for all i; and «,• ^ fly if i ^ j. 

(a) Prove that the existence of a strong starter in G implies the exis- 
tence of orthogonal starters in G. 

(b) Prove that orthogonal starters in G can be used to construct a 

GRS(m + 1,2,1). 

(c) Find orthogonal starters in (Zg,+) and use them to construct a 
GRS(10, 2,1). 

5.10 Suppose (X,A) is a (v,k, A)-BIBD. A near parallel class in (. X,A ) is a 
subset of disjoint blocks from A whose union is X\ {x } for some point 
x £ X, which is called the deficient point of the near parallel class. A 
partition of A into near parallel classes is called a near resolution, and 
(X, A) is said to be a near resolvable BIBD if A has at least one near 
resolution. 

(a) Suppose that (X, A) has a near resolution. Prove that every point 
x £ X is the deficient point of exactly r/(v — 1) near parallel 
classes. 

(b) Then prove that A = a(k — 1), where a is a positive integer. 




6 



Latin Squares 



6.1 Latin Squares and Quasigroups 

We begin with a definition. 

Definition 6.1. A Latin square of order n with entries from an n-set X is annxn 
array L in which every cell contains an element ofX such that every rozv of L is a 
permutation ofX and every column ofL is a permutation ofX. 

It is easy to construct a Latin square of any order n > 1. For example, we 
could take the first row to be 



E 


E 


_ 


n 



and then shift this row cyclically to the right by 1,2 ,...,« — 1 positions to 
construct the remaining n — 1 rows. 

Example 6.2. A Latin square of order 4. 



i 


2 


3 


4 


4 


T 


2 


3 


3 


4 


1 


2 


2 


3 


4 


T 



I 

Closely related to Latin squares are algebraic objects called quasigroups, 
which we define now. 

Definition 6.3. Let X be a finite set of cardinality n, and let o be a binary operation 
defined on X (i.e., o : X x X — > X). We say that the pair (X, o) is a quasigroup of 
order n provided that the following two properties are satisfied: 

1. For every i,ye X, the equation x o z = y has a unique solution for z € X. 

2. For every i,yg X, the equation z o x = y has a unique solution for z € X. 
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The operation table of a binary operation o defined on X is the |X| x |X| 
array A = ( a x ,y ), where a x ,y = xoy. The following simple observation relates 
quasigroups to Latin squares. 

Theorem 6.4. Suppose o is a binary operation defined on a finite set X of cardinality 
n. Then ( X , o) is a quasigroup if and only if its operation table is a Latin square of 
order n. 

It should be clear that the notions of quasigroups and Latin squares pro- 
vide two different ways of looking at the same thing. We will use both points 
of view at various times. 

We begin by investigating quasigroups (or Latin squares) that satisfy two 
special properties that we define now. 

Definition 6.5. Suppose (X, o) is a quasigroup. We say that (X, o) is an idempo- 
tent quasigroup if x oi = xfor all x £ X, and zve say that (X, o) is a symmetric 
quasigroup if xoy = y o xfor all x, y £ X. 

These concepts can also be defined for Latin squares in the obvious way: 
A symmetric Latin square L = (£ x ,y) is one in which £ X/ y = ty /X for all x, y, and 
an idempotent Latin square is one in which £ X/X = x for all x. 

Example 6.6. Let X = {1,2}. There are exactly two Latin squares defined on 
X, as follows: 

W\W 

2|t][T]2 

Both of these Latin squares are symmetric, but neither of them is idempotent. 

Example 6.7. Let X = { 1, 2, 3}. There are exactly twelve Latin squares defined 
on X, as follows: 

TT 2 T 3 ] [Ij2j3j [TT 3 T 2 ] [Tj3]2 

Li = 2 3 1 L 2 = 3 12 L 3 = 2 13 L 4 =321 

3\l\2\ \2\3\l\ \3\2]1\ [2|T]3 

2 TTT 3 I [ 2 TTT 3 ] [2j3jlj f2|3jl 

L 5 = 13 2 L 6 =321 Ly = 12 3 L s = 3 12 
3|2}T] \lf2\3\ \3\T\2\ \1 ]2]3 

3]Tf2] [ 3 TTT 2 ] [ 3 T 2 TTI [3|2]T 

L 9 = 123 L 10 = 2 3 T L n = 132 L n = 213 

2|3}T| \lf2\3\ [2}T|3l [T \3f2 



The only idempotent square in the list above is L 4 ; the squares L 4 , L 4 , L5, Lg, 
L9, and L]2 are symmetric. S 
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It is not difficult to construct idempotent Latin squares (or quasigroups) 
of all orders n > 2 and symmetric Latin squares (or quasigroups) of all or- 
ders n > 1 . In the rest of this section, we discuss the problem of constructing 
quasigroups that are both symmetric and idempotent. These will have appli- 
cations to the construction of (v,3, l)-BIBDs; see Section 6.2. 

We begin by establishing a simple necessary condition for the existence 
of a symmetric idempotent quasigroup of order n . 

Lemma 6.8. If there exists a symmetric idempotent quasigroup of order n, then n is 
odd. 

Proof. Suppose that o:XxX— >Xisa symmetric quasigroup. Let z € X, 
and define S = {(x,y) : xoy = z}. Since o is idempotent, it follows that 
(x,x) e S if and only if x = z. Since o is symmetric, it follows that (x,y) € S 
if and only if (y, x) e S. Hence, {{x,y} : x f y, x o y = z} is a partition of 
X\{z} into sets of size two. Therefore |X| — 1 is even, and hence |X| is odd. 

□ 



We now construct the desired quasigroups for every odd order. Suppose 
n is odd, and consider the group (Z„, +). Because (Z„,+) is a group, it is 
automatically a quasigroup. It is also symmetric because addition modulo n 
is commutative. 

This quasigroup is not idempotent; however, we will be able to modify it 
so it is. When n is odd, the list of values on the main diagonal of the operation 
table of (Z„,+)is (in order) 

(x + x mod n : x € Z„) = (0,2,4, . . .,n — 1, 1, 3, . . .,n — 3). 



This is a permutation of Z„. Therefore the operation table of (Z,„ +) has all 
the elements of Z„ on its main diagonal but not in the correct order. How- 
ever, we can rectify this by permuting (i.e., relabeling) the symbols so that 
the diagonal elements are 0, 1, . . ., n — 1 (in this order). We therefore define 
a permutation n to be 7r(0) = 0, n(2) = 1, ..., n(n — 1) = (n — l)/2, 
7r(l) = (n + l)/2, 7t(3) = (n + 3)/2, . . ., n(n — 3) = n — 1. In fact, the 
permutation n can be described by the formula 



7 x(x) = 2 1 x mod n 




x mod n 



since the multiplicative inverse 2 -1 mod n = (n + l)/2 whenever n is odd. 
Hence, one binary operation o, defined on { 0, ...,// 1 }, that yields a sym- 

metric idempotent quasigroup, is as follows: 



xoy 



fn + 1 



(x + y) mod n. 
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Example 6.9. Suppose n = 5. The binary operation 

xo y = 3(x + y) mod 5 

defines a symmetric idempotent quasigroup on the set {0, 1, 2, 3, 4}. The cor- 
responding Latin square is as follows: 



0 


3 


1 


4 


2 


3 ] 


1 


4 


2 


0 


1 


4 


2 


0 


3 


3 


2 


0 


3 


1 


2 


0 


3 


1 


4 



I 

The discussion above, together with Lemma 6.8, establishes the follow- 
ing. 

Theorem 6.10. There exists a symmetric idempotent quasigroup of order n if and 
only if n is odd. 



6.2 Steiner Triple Systems 

A Steiner triple system of order v, or STS(i>), is a (v, 3, 1)-BIBD. Since BIBDs 
with k = 2 are trivial, Steiner triple systems are the simplest type of "in- 
teresting" BIBDs. We have already seen examples of Steiner triple systems: 
an STS(7) was constructed in Example 1.3 and an STS(9) was constructed 
in Example 1.4. Steiner triple systems are, by far, the most-studied type of 
BIBD. In this section, we will determine necessary and sufficient conditions 
for existence of an STS(p). 

We begin by deriving necessary conditions for existence of an STS(f). 

Lemma 6.11. There exists an STS(zz) only ifv = 1, 3 (mod 6), v >7. 

Proof. Since k = 3 and A = 1, we have r = X(v — l)/(fc — 1) = (v — l)/2. 
Hence v = 2r + 1; i.e., v is odd. Now we can compute h = vr/k = v(v — 1) /6. 
Since b is an integer, it must be the case that v ( v — 1) = 0 (mod 6). This 
congruence is satisfied if and only if v = 0, 1,3,4 (mod 6). However, since v 
is odd, we see that v = 1, 3 (mod 6). Finally, since v > k in a BIBD, an STSfz'j 
can exist only if v >7. □ 



In the next two subsections, we will show that these necessary conditions 
are sufficient by constructing an STSfz'j for every v allowed by Lemma 6.11. 
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6.2.1 The Bose Construction 

We now present a construction, due to Bose, that uses symmetric idempotent 
quasigroups to construct Steiner triple systems of all orders v = 3 (mod 6). 
(A modified construction due to Skolem, which we present a bit later, will 
handle the cases v = 1 (mod 6).) 

Let v = 6f + 3, t > 1. Suppose (X, o) is a symmetric idempotent quasi- 
group of (odd) order 2 1 + 1, which exists by Theorem 6.1. Let “<" be any 
total ordering defined on X. Define Y = X x Z 3 . (Y will be the set of points 
in the STS(zz) that we construct.) For every x € X, define a block 

= {(x,0), (x, 1), (x,2)}. 

Then for every x,y £ X, x < y, and for every i £ Z3, define a block 
B x ,y,i = {(x,i),{y,i),(xoy,(i + 1) mod 3)}. 

Then define 



= {A x : x £ X} U {B X yi : x,y £ X,x < y,i £ Z3}. 

In Figure 6.1, we show pictorially how three blocks are constructed from 
one entry of (X, o), say xoy = z. 





Fig. 6.1. The Bose Construction 



We will show that (Y, B) is an STS(Z'). Clearly there are v points in Y, and 
every block in B contains three points. Flence, it suffices to show that every 
pair of points occurs in exactly one block. 
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Consider the pair of points ( oc,j ), (j 6,k). If a. = fS, then j ^ k , and this 
pair occurs in the block A a and in no other block. Hence we can assume that 
oc Without loss of generality, suppose that a < (3. 

We consider three cases: 

1. If k = j, then this pair occurs in the block B a pj and in no other block. 

2. If k = (/ + 1) mod 3, then the equation x o oc = /5 has a unique solution 
x = 7 . Note that 7 ^ a. since a / /> and o is idempotent. If 7 < a, then the 
pair (a,;), () 6,k) occurs in the block B 7A j and in no other block. If 7 > a, 
then, since o is symmetric, the pair (a,/), (/3, k) occurs in the block B a7r j 
and in no other block. 

3. If j = (k+ 1) mod 3, then the equation x o j] = a has a unique solution 

x = 7 . Note that 7 ^ f3 since a / /> and o is idempotent. If 7 < jS, then 
the pair (a,/), ( fS,k ) occurs in the block and in no other block. If 

7 > j 6 , then, since o is symmetric, the pair (a, j), ( />, k) occurs in the block 
Bp^'k and in no other block. 

The discussion above, together with Theorem 6.1, establishes the follow- 
ing existence result. 

Theorem 6.12. There exists an STS (v)for all v = 3 (mod 6 ), v > 9. 

We illustrate the construction with an example. 

Example 6.13. We construct an STS(15). Suppose we use the symmetric idem- 
potent quasigroup of order 5 constructed in Example 6.9. This quasigroup is 
defined on the set {0,1, 2, 3, 4}. The point set of the design we are going to 
construct is Y = {0,1,2, 3, 4} x {0,1,2}. For convenience, we will write the 
elements of Y as 00,01,02, 10, 11, 12, . . .,40,41,42. 

There are 35 blocks in the STS (15). We present the five blocks A x (0 < 
x < 4) followed by the 30 blocks (0 < x < y < 4, 0 < i < 2) in Figure 

6.2. I 



6.2.2 The Skolem Construction 

The Skolem construction is a modification of the Bose construction. Re- 
call that a symmetric idempotent quasigroup of even order does not exist. 
The Skolem construction instead uses symmetric quasigroups that are half- 
idempotent. Suppose that X = {0, . . . , n — 1 }, where n is even. A quasigroup 
(X, o) is called a half-idempotent qnasigronp provided that 

f x if 0 <x<i} 

X O X — \ „ . c n . z 

(X— 2 if j <x <n. 

In other words, when we look down the diagonal of the operation table, we 
see the entries 
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{ 00 , 01 , 02 } { 10 , 11 , 12 } { 20 , 21 , 22 } 

{30,31,32} {40,41,42} 

{00,10,31} {01,11,32} {02,12,30} 
{ 00 , 20 , 11 } { 01 , 21 , 12 } { 02 , 22 , 10 } 
{00,30,41} {01,31,42} {02,32,40} 
{00,40,21} {01,41,22} {02,42,20} 
{10,20,41} {11,21,42} {12,22,40} 
{10,30,21} {11,31,22} {12,32,20} 
{10,40,01} {11,41,02} {12,42,00} 
{20,30,01} {21,31,02} {22,32,00} 
{20,40,31} {21,41,32} {22,42,30} 
{30,40,11} {31,41,12} {32,42,10} 



Fig. 6.2. The 35 Blocks of an STS(15) 



n n 

01 101 1 

w, j., . . . , ^ . l, • • • , ^ - 1 - 

in that order. 

We will construct a symmetric half-idempotent quasigroup for every 
even order n. Consider the group (Z„, +). As was the case for n odd, (Z„, +) 
is a symmetric quasigroup. We will be able to construct a symmetric half- 
idempotent quasigroup by a simple modification of (Z„, +). 

It is not hard to see that the list of values 

(x + x mod n : x € Z„) 

contains every even residue in Z„ exactly twice when n is even. In fact, the 
main diagonal of the operation table of (Z n , +) is (in order) 

0,2, ... ,n — 2,0,2, ... ,n — 2. 

Hence, it is sufficient to relabel the elements of Z„ in such a way that the 
main diagonal of the operation table becomes (in order) 

n n 

01 101 1 

^ - 1 -/ w / - 1 -/ • • • / 2 ■ L * 

A permutation tc that accomplishes this is as follows: 

{ £ if x is even 
* . 

2±§=! if x is odd. 

Therefore, the quasigroup operation can be defined to be 

x oij = 7 x((x + y) mod n). 

Example 6.14. Suppose n = 6. The permutation n is defined as 7r(0) = 0, 
7r(l ) = 3, 7t(2) = 1, 7t(3) = 4, 7 t( 4) = 2, and tc(5) = 5. The resulting 
symmetric half-idempotent quasigroup has the following operation table: 
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0 


3 


1 


4 


2 


5 


3 


1 


4 


2 


5 


0 


1 


4 


2 


5 


0 


3 


4 


2 


5 


0 


3 


1 


2 


5 


0 


3 


1 


4 


5 


0 


3 


1 


4 


2 



The discussion above establishes the following theorem. 

Theorem 6.15. There exists a symmetric half-idempotent quasigroup of order n if 
and only ifn is even. 

Now we proceed to the Skolem construction. Let v = 6f + 1, t > 1. Sup- 
pose ({0, . . . , 2f — 1}, o) is a symmetric half-idempotent quasigroup of (even) 
order 2 1. Define Y = ({0, . . . , 2t — 1} x Z3) U {00}. (Y will be the set of points 
in the STSft'j that we construct.) For 0 < x < t — 1, define a block 

A x = {(x,0), (x,l), (x,2)}. 

Then for every x,y € {0, . . .,2f — 1}, x < y, and for every i € Z3, define a 
block 

B x,y,i = {(x,i),(y,i),(xoy,(i+ 1) mod 3)}. 

Finally, for 0 < x < t — 1 and for every i G Z3, define a block 
C x j = {00, (x + t, i), (x, ( i + 1) mod 3)}. 

Then define the set of blocks to be 

B = {A x : 0 < x < t — 1} 

LJ { B x,y,i * x r y G Z2 t/X y,i G Z3} 
u {C X/i :0<x<t-l,iG Z 3 }. 

We will show that (Y, B) is an STSfc'j. Clearly there are v points in Y, and 
every block in 6 contains three points. Flence, it suffices to show that every 
pair of points occurs in exactly one block. 

First, consider a pair of points (a,/), 00. If a < t — 1, then this pair occurs 
in the block C a mo j 3 and in no other block. If a. > t, then this pair occurs 
in the block C K _t,j zind in no other block. 

Next, consider the pair of points (ft,/), If a = f < t — 1, this pair 

occurs in the block A a and in no other block. Suppose a = fi > t. Then 
j f k, so without loss of generality we have k = (j + 1) mod 3. The equation 
a o x = a has a unique solution x = 7. If 7 > oc, then this pair occurs in the 
block B a/ y j and in no other block. If 7 < a, then, since o is symmetric, the 
pair (a,;), (f, k) occurs in the block B JA/ j and in no other block. 

Flence we can proceed to the case where 5. Without loss of generality, 
suppose that a <f. 

We consider three cases: 
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1. If k = j, then this pair occurs in the block B a pj and in no other block. 

2. If k = (j + 1) mod 3, then the equation x o cc = f> has a unique solution 

x = 7. Note that 7 / « since oc < f and a o a < a for any a. If 7 < a, 
then the pair ( oc,j ), (/3, k) occurs in the block an d in no other block. 
If 7 > a, then, since o is symmetric, the pair (j B,k) occurs in the 

block B K/ y j and in no other block. 

3. If j = (k + 1) mod 3, then the equation x o j] = a has a unique solution 

x = 7. We have 7 = /5 if and only if f> = <x + t. If this happens, then the 
pair ( a,j ), (/3, k) occurs in the block C a y and in no other block. If 7 < f, 
then the pair f/5, k) occurs in the block and in no other block. 

If 7 > /3, then, since o is symmetric, the pair occurs in the 

block and in no other block. 

Thus we have proved the following theorem. 

Theorem 6.16. There exists an STS (v) for allv = 1 mod 6, v > 7. 

Finally, combining Lemma 6.11 with Theorems 6.12 and 6.16, we obtain 
our main result. 

Theorem 6.17. Tfrere exists an STS(^) if and only ifv = 1,3 mod 6 ,v >7. 

We illustrate the Skolem construction with an example. 

Example 6.18. We construct an STS(19). Suppose we use the symmetric half- 
idempotent quasigroup of order 6 constructed in Example 6.14. This quasi- 
group is defined on the set {0,1, 2, 3, 4, 5}. The point set of the design is 
Y = ({0,1, 2, 3, 4, 5} x {0,1,2}) U {00}. We will write the elements of Y as 
00, 01, 02, 10, 11, 12, ... , 50, 51, 52, 00. 

There are 57 blocks in the STS(19). We present the three blocks A x (0 < 
x < 2) followed by the 45 blocks B X/ yj (0 < x < y < 5, 0 < i < 2) and the 
nine blocks C X/ i (0 < x < 2, 0 < i < 2) in Figure 6.3. I 



6.3 Orthogonal Latin Squares 

Definition 6.19. Suppose that Lj is a Latin square of order n with entries from X 
and Lj is a Latin square of order n with entries from Y. We say that Lj and Lj are 
orthogonal Latin squares provided that, for every x € X and for every y e Y, 
there is a unique cell ( i,j ) such that Li (i,j) = x and L 2 (z, /) = y. 

An equivalent way to define orthogonality of Latin squares is to consider 
the superposition of Li and L2 in which every cell (i,j) is filled in with the 
ordered pair (Li(i,{),L2(i,/)). Then Li and L2 are orthogonal if and only if 
their superposition contains every ordered pair in X x Y. 

In general, it is not easy to construct orthogonal Latin squares. To begin, 
we exhibit a few examples for small orders. 
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{ 00 , 01 , 02 } { 10 , 11 , 12 } { 20 , 21 , 22 } 
{00,10,31} {01,11,32} {02,12,30} 
{ 00 , 20 , 11 } { 01 , 21 , 12 } { 02 , 22 , 10 } 
{00,30,41} {01,31,42} {02,32,40} 
{00,40,21} {01,41,22} {02,42,20} 
{00,50,51} {01,51,52} {02,52,50} 
{10,20,41} {11,21,42} {12,22,40} 
{10,30,21} {11,31,22} {12,32,20} 
{10,40,51} {11,41,52} {12,42,50} 
{10,50,01} {11,51,02} {12,52,00} 
{20,30,51} {21,31,52} {22,32,50} 
{20,40,01} {21,41,02} {22,42,00} 
{20,50,31} {21,51,32} {22,52,30} 
{30,40,31} {31,41,32} {32,42,30} 
{30,50,11} {31,51,12} {32,52,10} 
{40,50,41} {41,51,42} {42,52,40} 
{oo, 30,01} {00,31,02} {oo, 32, 00} 
{oo,40,ll} {oo,41,12} {oo,42,10} 
{oo,50,21} {oo,51,22} {oo,52,20} 



Fig. 6.3. The 57 Blocks of an STS (19) 



Example 6.20. Orthogonal Latin squares of order 3. 




The superposition of Li and L 2 is as follows: 



(1,1) 


(2,2) 


(3,3) 


(2,3) 


(3,1) 


(1,2) 


(3,2) 


(1,3) 


(2,1) 



It is easy to verify that all nine ordered pairs ( i,j ) € {1,2,3} x {l,2,3}occur 
in the superposition of L\ and L 2 . ® 

It is not hard to verify that there is no Latin square that is orthogonal to 
the square given in Example 6.2. However, orthogonal Latin squares of order 
4 do exist, as shown in the next example. 



Example 6.21. Orthogonal Latin squares of order 4. 




I 
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Here is one more example of orthogonal Latin squares. 
Example 6.22. Orthogonal Latin squares of order 8. 




I 

Orthogonal Latin squares of order 1 exist, but they are not very interest- 
ing. It is not difficult to see that there do not exist orthogonal Latin squares of 
order 2. Over 200 years ago, the mathematician Euler conjectured that there 
do not exist orthogonal Latin squares of order n if n = 2 (mod 4). Euler's 
conjecture was proved true for order 6 by Tarry in 1900, essentially by means 
of an exhaustive search. (It was not until the mid-1980s, however, that a short 
theoretical proof of this result was found.) Qn the other hand, for all n > 2, 
n / 6, there exist orthogonal Latin squares of order n. This disproof of Eu- 
ler's conjecture was published in the late 1950s by Bose, Shrikhande, and 
Parker, and it was reported on the front page of the New York Times. We will 
give a simplified proof of this result in Section 6.8. 

We will look at several construction methods for orthogonal Latin squares. 
First, we give a construction that works for all odd n > 1. 

Theorem 6.23. Ifn>lis odd, then there exist orthogonal Latin squares of order n. 

Proof. We define two Latin squares of order n with entries from Z n : 

= ( i + j ) mod n 
Li(i,j) = {i~j) mod n. 

Li and L 2 are easily seen to be Latin squares for any positive integer n. Let's 
prove that they are orthogonal when n is odd. Suppose that (x, y) € Z„ x Z„. 
We want to find a unique cell ( i,j ) such that Li(i,j) = x and £ 2 ( 2 ',;) = y. In 
other words, we want to solve the system 

i+ j = x (mod n) 
i — j = y (mod n) 

for 2 and j. Since n is odd, 2 has a multiplicative inverse modulo 22 , and the 
system has the unique solution 




134 6 Latin Squares 



i = (x + y) 2 1 mod n 
j = (x — y)2 _1 mod n. 

Hence, L] and L 2 are orthogonal. □ 

Example 6.24. We construct orthogonal Latin squares of order 5 using Theo- 
rem 6.23: 




Suppose that L and M are Latin squares of order m and n (respectively) 
defined on symbol sets X and Y (respectively). We define the direct product of 
L and M, denoted Lx M, to be the nut x mn array defined as follows: 

(L x M)((M 2 ),0i,/2)) = 

Note that LxMis one Latin square; it is not the superposition of two Latin 
squares. 

Lemma 6.25. If L and M are Latin squares of order m and n (respectively) defined 
on symbol sets X and Y (respectively), then L x M is a Latin square of order mn 
defined on symbol set X xY. 

Proof. Consider a row of Lx M, say row (q , if). Let x € X and let y e Y. We 
will show how to find the symbol (x,y) in row (q, if) of L x M. Since L is 
a Latin square, there is a unique column j\ such that L (q , ]\ ) — x. Since M 
is a Latin square, there is a unique column jx such that M(i 2 , 72 ) = J/- Then 
(L x M)((i 1 ,i 2 ),0'i,/ 2 )) = (x,y). 

Similarly, every column ofLxM contains every symbol in X x Y, so L x 
M is a Latin square. □ 

Example 6.26. An example to illustrate the direct product. Suppose L and M 
are as follows: 

L = 

Then L x M is as follows: 
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The direct product L x M contains many copies of L and M within it. The 
Latin square Lx M can be partitioned into m 2 disjoint n x n subarrays, each 
of which is a copy of M on the symbol set {x} x Y, where x £ X. L x M can 
also be partitioned into n 2 disjoint m x ill subarrays, each of which is a copy 
of L on the symbol set X x {y}, where y € Y. 

We next prove that the direct product construction preserves orthogonal- 
ity. 

Theorem 6.27 (Direct Product). If there exist orthogonal Latin squares of orders 
n\ and « 2 , t hen there exist orthogonal Latin squares of order n\U 2 - 

Proof. Suppose that Li and L 2 are orthogonal Latin squares of order n\ on 
symbol set X, and M\ and M 2 are orthogonal Latin squares of order «2 on 
symbol set Y. We will show that Li x Mi and L 2 x M 2 are orthogonal Latin 
squares of order n\U 2 - In x Mi and L 2 x M 2 are both Latin squares by Lemma 
6.25, so we just have to prove that they are orthogonal. 

Consider an ordered pair of symbols, ((xi,yi), ( x 2 / l / 2 ))- We want to find 
a unique cell ((z'i, if), ( 71 , 72 )) such that 

(Li x Mi)((z'i,z 2 ), ( 71 , 72 )) = (M,yi), and 
(L 2 x M 2 )((zi,z 2 ), ( 71 , 72 )) = {xi ,yi)- 
This is equivalent to 

I-i (h/7i) = x i' 

Mi(z' 2 , 72 ) = yi, 

L2(h,ji)=X2, and 

^ 2 ( 12 , 72 ) = 3/2- 

The first and third equations determine (z‘ 1 , 7 ‘ 1 ) uniquely because Li and 
L 2 are orthogonal; and the second and fourth equations determine (z' 2 , 7 ’ 2 ) 
uniquely because Mi and M 2 are orthogonal. The desired cell, ((z'i, z' 2 ), ( 71 , 72 )), 
is therefore determined uniquely. □ 

Examples 6.21 and 6.22, together with Theorems 6.23 and 6.27, are suffi- 
cient to prove the following result. 

Theorem 6.28. There exist orthogonal Latin squares of order n if n ^2 (mod 4). 

Proof. If n is odd, then apply Theorem 6.23. Next suppose n > 4 is a power of 
two, say n = 2\ where i > 2. The cases i = 2 and i = 3 were done in Examples 
6.21 and 6.22. For i > 4, we can construct orthogonal Latin squares of order 
2 ! , by induction on z, applying Theorem 6.27 with n\ = 4 and nj = 2 l ~ 2 . 

Finally, suppose that n is even, n f 2 (mod 4), and n is not a power of 
two. Then we can write n = 2V, where i > 2 and n' > 1 is odd. Apply 
Theorem 6.27 with n\ = 2‘ and n 2 = n' . Since we have already constructed 
orthogonal Latin squares of orders 2' and the result follows. □ 
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6.4 Mutually Orthogonal Latin Squares 

A set of s Latin squares of order n, say L \, . . . , L s , are said to be mutually 
orthogonal Latin squares if L, and Lj are orthogonal for all 1 < i < j < s. We 
will abbreviate the term "mutually orthogonal Latin squares" to "MOLS". A 
set of s MOLS of order n will be denoted s MOLS(n). 

One fundamental problem is to determine the maximum number of 
MOLS of order n . This quantity is denoted N(n). Since any two Latin squares 
of order 1 are orthogonal, we say that N( 1) = oo. For all n >1, however, it is 
possible to prove a finite upper bound on N(n). 

Theorem 6.29. There do not exist n MOLS(n) if n > 1 (i.e., N(n) < n — 1 for 
n > lj. 

Proof. Suppose that L\,..., L s are mutually orthogonal Latin squares of or- 
der n > 1. Without loss of generality, we can assume that L \, . . . , L s are all 
defined on symbol set {1 , ,n}. Furthermore, we can assume that the first 
row of each of these squares is 





S 


R 


0 



(This is justified by observing that within any Lj we can relabel the symbols 
so the first row is as specified. The relabeling does not affect the orthogonality 
of the squares.) 

Now consider the s values Li(2, 1), . . . , L s (2, 1) (this is where we require 
the assumption n > 2). We first note that these s values are all distinct, as 
follows: Suppose that L,(2, 1) = Lj( 2, 1) = x, say. Then we have the ordered 
pair (x,x) occurring in the superposition of Lj and Lj in cell (l,x) and again 
in cell (2, 1). This contradicts the orthogonality of Lj and Lj. 

Next we observe that L,(2, 1) / 1 for 1 < i < s. This follows from the 
fact that L, (l, 1) = 1 and no symbol can occur in two cells in any column of 
a Latin square. 

Combining our two observations, we see that Li (2, 1), . . . , L s (2, 1) are in 
fact s distinct elements from the set {2, ... ,n}. Flence, s < n — 1. □ 

6.4.1 MOLS and Affine Planes 

The cases where N(n) = n — 1 are particularly interesting because they cor- 
respond to affine planes. First, we show how to construct n — 1 MOLS(n) 
from an affine plane of order n. Suppose that (X, A) is an affine plane of or- 
der n (i.e., an (n 2 ,n, 1)-BIBD). Recall from Theorem 5.9 that an affine plane 
is resolvable. Each of the n + 1 parallel classes contains n disjoint blocks, 
and Theorem 5.21 says that any two blocks from different parallel classes 
intersect in exactly one common point. Suppose for 1 < i < n + 1 that the 
blocks in IT, (the zth parallel class) are named < j < n. We are going 

to construct n — 1 mutually orthogonal Latin squares of order n, which we 
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name Lj, . . . , L„_ | . These Latin squares are constructed using the following 
formula: 

L x (i,j) = k if and only if A n ,i n A n +\ j £ A xA 

for 1 < x <n — 1,1 <i <n,l < j <n. 

Let us begin by showing that each L x is a Latin square. First, given a 
symbol k and a row i, we want to find a unique column j such that L x ( i, j) = 
k. There is a unique point y ^ Anj n A X/ k because any two blocks in n„ and 
TI V intersect in a unique point. Then, there is a unique j such that y G A n +\,j 
because n„ +1 is a parallel class. Hence L x (i,j) = k. 

Next, given a symbol k and a column j, we want to find a unique row 
i such that L x (i,j ) = k. There is a unique point y G A 1 + 1 ,/ H A xA because 
any two blocks in n n+4 and Tl x intersect in a unique point. Then, there is a 
unique i such that y G A n j because n„ is a parallel class. Hence L x (i,j) = k. 

Now we show that L x and L XJ are orthogonal if x / y. Let k and l be two 
symbols. We want to find a unique cell ( i,j ) such that 

L x (i, j) = k and 

L y (i,j) = t 

This is equivalent to saying that 

A-n,i n ^n+i,j ^ A X/ k and 
An,i A n _|_i,y G 

There is a unique point z £ A Xi k n Ay : n because any two blocks in Tl x and 
n v intersect in a unique point. Now, there is a unique i such that z G A n j 
because Tl„ is a parallel class. Similarly, there is a unique j such that z G 
A n+ i r j because n„ + i is a parallel class. Thus we have found the desired cell 
( i,j ), and we have proved that L x and L v are orthogonal if x / if. 

Example 6.30. We begin with the affine plane of order 3 constructed in Exam- 
ple 1.4: 

X = {1,2,3,4,5,6,7,8,9}, and 

A = {123, 456, 789, 147, 258, 369, 159, 267, 348, 168, 249, 357} . 

Suppose we name the blocks as follows: 

A u = {1,2,3} A 2 ,i = {1,4,7} A 3A = {1,5,9} A 4A = {1,6,8} 

A u = {4,5,6} A 2/2 = {2,5,8} A 3/2 = {2,6,7} A 4/2 = {2,4,9} 

= {7,8,9} A 2/3 = {3,6,9} A 3 , 3 = {3,4,8} A 4/3 = {3,5,7}. 

Then the Latin squares L ] and L 2 are 




I 
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The construction can in fact be reversed. Suppose we begin with n — 1 
MOLS(n), defined on symbol set {1 say We will con- 

struct an affine plane having point set X = {1 , ,n} x { 1, The blocks 
are constructed as follows. For \ <x<n—l,l<k<n, define 

A x,k = {(if j) ■ L x (i,j ) = k}. 

For 1 <k <n, define 

A n,k = {(Kj) : 1 <j<n}, 

and for 1 < k < n, define 

A n+\,k = ((h fc ) : 1 <i<n}. 

Finally, let 

A = {A Xr i : 1 < x < n + 1, 1 < k < n}. 

We will show that (X, A) is an affine plane of order n. Clearly |X| = ir , 
and it is also not hard to see that every block contains n points. It remains 
to show that every pair of points occurs in a unique block. Consider a pair 
(z'l,/l), (z' 2 ,/ 2 )- If i’i = hf then this pair occurs in the block A„ /( - and inno other 
block. If ji = / 2 , then this pair occurs in the block A n+ and in no other 
block. Flence, we can assume that i i ^ ii and j \ ^ ] 2 - We will show that 
any such pair occurs in at most one block in the design. Since the number 
of blocks is h 2 + n, it then follows that each such pair occurs in exactly one 
block. 

Suppose that {(q, j x ),(i 2 , j 2 )} Q A x ^ and {(ii,j\), (hfji)} Q A x 2 ,k 2 ' 
where (x\,ki) ^ (Aifki)- Then we have 

L Xl (h fji) = k t , 

kxtihfji) = k\, 

L X2 (h,h)=k 2 , and 

kx 2 (h,j2) = ko- 

If X] = x 2/ then k\ = k 2 , so we conclude that x\ / x 2 . But then the two 
squares L Xl and L A - 2 are not orthogonal because the superposition contains 
the ordered pair {k-\,k 2 ) in cell and again in cell (h/jl)- This contradic- 

tion completes the proof that (X, A) is an affine plane of order n. 

Example 6.31. Suppose we begin with the orthogonal Latin squares of order 
3 from Example 6.30: 

fll3|2 

L a = 2l3 , L 2 = 

3|2|T 

The blocks of the affine plane constructed from these orthogonal Latin squares 
are as follows: 
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A u = {( 1 , 1 ), ( 2 , 2 ), ( 3 , 3 )} 
= {(1,3), (2,1), (3,2)} 
A 1/3 = {(1,2),(2,3),(3,1)} 

A 3 ,i = {(1,1),(1,2),(1,3)} 
2)3,2 = {(2/1)/ (2,2), (2, 3)} 
2 ) 3,3 = {(3/1)/ (3,2), (3,3)} 



2 ) 2,1 = {(1/1)/ (2,3), (3,2)} 
2 ) 2,2 = {(1/3), (2,2), (3,1)} 
2 ) 2,3 = {(1/2), (2,1), (3,3)} 

^ 4,1 = {( 1 , 1 ), ( 2 , 1 ), ( 3 , 1 )} 
^4,2 = {(1/2), (2,2), (3,2)} 
2 ) 4,3 = {(1,3), (2,3), (3,3)}. 



I 

The preceding discussion establishes that an affine plane of order n > 2 
is equivalent to n — 1 MOLS(n). We know from Theorem 5.10 that an affine 
plane of order n exists if and only if a projective plane of order n exists. There- 
fore we have the following result. 

Theorem 6.32. Let n > 2. Then the existence of any one of the following designs 
implies the existence of the other two designs: 

1. n-1 MOLS(«); 

2. an affine plane of order n; 

3. a projective plane of order n. 



6.4.2 MacNeish's Theorem 



The direct product construction (Theorem 6.27) can be generalized to sets of 
s MOLS in an obvious way. Further, it is possible to form the direct product 
of more than two Latin squares, again in an obvious manner. Orthogonality 
is preserved, and the following theorem results. 

Theorem 6.33. If there exist s MOLS(n,), 1 < i < t, then there exist s MOLS(n), 
where n = x «2 x • • • x ng. 



It is possible to construct many interesting examples of sets of MOLS by 
using Theorem 6.32 in conjunction with the direct product. The following 
theorem, known as MacNeish's Theorem, makes use of the fact that an affine 
plane of order q exists for every prime power q. 



Theorem 6.34 (MacNeish's Theorem). Suppose that n has prime power factor- 
ization n = pi 1 ■ ■ ■ p ft, where the p{s are distinct primes and ei > lforl <i<£. 
Let 

s = min {pf* — 1:1 <i < £}. 

Then there exist s MOLS(n). 



Proof. For 1 < i < I, there exists an affine plane of order pf‘. Flence, there 
exist pf l — 1 MOLSfp/’'), for 1 < / < (, by Theorem 6.32. Therefore there 
exist s MOLS(p; e ') for 1 < i < t. Apply Theorem 6.33 to obtain the desired 
result. □ 
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There are many corollaries of Theorem 6.34 that can be proven. Here is a 
specific result that we will use later. 

Corollary 6.35. Ifn= 1,5,7, or 11 (mod 12), then there exist four MOLS(n). If 
n = 4 or 8 (mod 12), then there exist three MOLS(n). 

Proof. Suppose that n has prime power factorization n = pf' ■ ■ ■ pf e . By 
Theorem 6.34, three M 0 LS in ) will exist if pf ‘ > 4 for 1 < i < t. The only 
situations in which pf' < 4 are when (p i,ef) = (2,l)or (3, 1). In other words, 
if the prime power factorization of n does not contain the specific terms 2 1 
or 3 1 , then three MOLS(m) exist. By a similar argument, if the prime power 
factorization of n does not contain the specific terms 2 1 , 2 2 , or 3 1 , then four 
MOLS(m) exist. 

Now, if n = 1,5,7, or 11 (mod 12), then gcd(«,6) = 1, so there are no 
terms involving 2 or 3 in the factorization of n . It follows that four MOLS of 
these orders exist. 

If n = 4 or 8 (mod 12), then n = 0 (mod 4) and n f 0 (mod 3). Therefore 
there is no term involving 3 in the factorization of n, and the term involving 
2 has an exponent that is at least 2. Therefore three MOLS of these orders 
exist. □ 



6.5 Orthogonal Arrays 

In this section, we discuss an equivalent formulation of MOLS called an or- 
thogonal array. 

Definition 6.36. Let k >2 and n > 1 be integers. An orthogonal array OA(/c, n) 
is an n 2 x k array, A, ivith entries from a set X of cardinality n such that, within 
any tzvo columns of A, every ordered pair of symbols from X occurs in exactly one 
row of A. 

Note that an OA(2 ,n) exists trivially for all integers n > 1. 

6.5.1 Orthogonal Arrays and MOLS 

It is not difficult to construct an OA(s + 2, n) from s MOLS(n). This is done 
as follows. Suppose without loss of generality that these s Latin squares are 
named L\, . . L s , are defined on symbol set {1, . . and have rows and 
columns labeled {1 ,... ,n}. For every i,j € {1, . . . , n}, construct an (s + 2)- 
tuple 

(*', j,L\{i , /),•••, I* (*,/'))• 

Then form an array A whose rows consist of these n 2 (s + 2)-tuples. We will 
show that A is an OA(s + 2 ,n). 

We need to show that every ordered pair of symbols occurs in any two 
columns a and b, where 1 < a < b < s + 2. We consider several cases: 
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1 . If a = 1 and b = 2, then clearly we get every ordered pair. 

2. If a = 1 and b > 3, then we get every ordered pair because every row of 

Lf, is a permutation of /? } . 

3. If tz = 2 and b > 3, then we get every ordered pair because every column 
of L;, is a permutation of {1, . . . , n}. 

4. If a > 3, then we get every ordered pair because L„ and L/, are orthogonal. 

Example 6.37. An OA(4,3) constructed from the orthogonal Latin squares of 
order 3 presented in Example 6.20. 
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The construction can easily be reversed; if A is an OA (k,n) with l< > 3, 
then we can construct k — 2 MOLS(n) from it. Suppose without loss of gen- 
erality that A is defined on symbol set {1, . . . ,n}. Label the columns of A 
by the integers 1 ,,k, and label the rows of A by the integers 1, . . . , n 2 . 
We construct k — 2 MOLS(n), which we name L/ c _ 2 , as follows: For 

1 < h < k — 2 and 1 < r < n 2 , define 

L h (A(r,l),A(r,2))=A(r,h + 2). 

We will show that L\, ... , L/ c _ 2 are orthogonal Latin squares of order n. 

We begin by showing that each Lj, is a Latin square. First, every cell of L;, 
contains one and only one entry because every ordered pair occurs exactly 
once in columns 1 and 2 of A. Next, let us show that each row i of each L/, is 
a permutation of {1 The entries in row i of L/, are in fact the symbols 
in the set 

{A(r,h + 2) : A(r, 1) = i}. 

These symbols are all distinct because every ordered pair occurs exactly in 
columns 1 and h + 2 of A. A similar argument proves that each column i of 
each Lf, is a permutation of {1, ... , n}. Hence the L/,'s are all Latin squares. 

It remains to prove orthogonality. But L;, and L g are orthogonal because 
every ordered pair occurs exactly once in columns h + 2 and g + 2 of A. 

As an example, if we begin with the OA(4, 3) from Example 6.37, and ap- 
ply this construction, then we recover the orthogonal Latin squares of order 
3 from Example 6.20. 

The discussion above proves the following theorem. 
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Theorem 6.38. Suppose that n > 1 and k > 3 are integers. Then k — 2 MOLS(n) 
exist if and only if an OA (k,n) exists. 

6.5.2 Some Constructions for Orthogonal Arrays 

Because orthogonal arrays are equivalent to MOLS, any construction for 
MOLS can be expressed as a construction of orthogonal arrays, and vice 
versa. Presenting constructions for orthogonal arrays is sometimes more con- 
venient, however. We consider some constructions in this section. 

Suppose that n is a prime power. Then there is an affine plane of order 
n (Theorem 5.4), and hence there are n — 1 MOLS(n) (Theorem 6.32). Finally, 
Theorem 6.38 tells us that there is an OA (n + 1, n). This is a bit of a circuitous 
route, so we now give a direct construction for orthogonal arrays having a 
prime power number of symbols. 

Theorem 6.39. Suppose q is a prime power and 2 < k < q. Then there exists an 
OA (k,q). 

Proof. Let a\,. . . , a^ be k distinct elements in F (; . Define two vectors in (' F j ^ 
as follows: 



v 1 = (l,...,l) and 
v 2 = ( fl l/ •••/%)• 

Now, define an array A, having rows indexed by F (( x F^, where row ( i,j ) is 
the k-tuple iv\ + ;v 2 . 

We prove that A is an OA (k, q) (the proof is very similar to the proof of 
Theorem 5.4). Let 1 < c < d < k, and let x,y £ F,j. We want to find the 
unique row ( i,j ) of A such that A((i,j), c ) = x and A((i,j), d) = y. This gives 
us the following system of two equations in F I? in the two unknowns i and j: 

i + ja c = x, 

i + j a d = y- 

Subtracting the second equation from the first, we obtain 

/ K -a d ) = x-y. 

Since a c — a d 0, there exists a multiplicative inverse (fl c — «d) -1 G IF,;. Then 
we have the following: 

j= 

Back-substituting, we can solve for i: 

i = x - ja c = x a c {a c - a d )~ 1 (x-y). 



Hence, A is an OA (k, q). 



□ 
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We can "extend" an OA[q, q) constructed using the theorem above by ad- 
joining an additional column in such a way that an OA [q + 1, q) is obtained. 

Theorem 6.40. Suppose q is a prime power. Then there exists an OA (q + 1, q). 

Proof. Construct an OA [q, q) as described in Theorem 6.39. Then adjoin one 
more column, column q + 1, in which A((i,j), q + 1) = j for all i,j. The result- 
ing array is an OA (q + 1 ,q). □ 

We next give a construction for an OA(4, n) for all n = 10 (mod 12). Such 
an integer n can be written in the form n = 3 m + 1, where m = 3 (mod 4). 
Define X = ^. 2 m+l U fi, where fi {oo,- : 1 < i < m}. Begin with the 
following 4 m + 1 four-tuples: 

(0,0, 0,0), 

(0,2/, z',00;), 1 < z < m, 

(0, 2 2 — 1, OO,-, 222 + /), 1 < 2 < 222, 

(0, oo;, 2/22 + 1 — 2, /), 1 < 2 < 222 , and 

(oo,-, 0, 2, 2/22 + 1 — /), 1 < 2 < 222 . 

Next, develop each of these 4/22 + 1 four-tuples through the group Z 2 m+i 
using the convention that oo,- + j = oo,- for all j £ Z2m+l and all b 1 < i < zn. 
Call the resulting set of (4222 + 1)(2«2 + 1) four-tuples A ] . 

Now let A 2 be an 0A(4, m) on the symbol set Q. (Note that m is odd, so 
there exist orthogonal Latin squares of order m from Theorem 6.23. Therefore 
an 0A(4, m) exists from Theorem 6.38.) A? contains 2 / 2 2 four-tuples. 

The (4/22 + 1) (2/2/ + 1) + / 22 2 = (3m + l) 2 four-tuples in A\ U A 2 form an 
OA(4, 3m + 1). This orthogonal array has the following permutation a as an 
automorphism: 

a = (0 1 2 • • • 2m)(oo 1 ) • • • (oo,„). 

The [3m + 1) 2 four-tuples in this 0A(4, 3m + 1) are comprised of 4m + 1 orbits 
each consisting of 2m + 1 rows and m 2 orbits each consisting of one row. In 
order to verify that we have constructed an 0A(4, 3m + 1), we need to show 
for each choice of two columns that every orbit of ordered pairs is contained 
in exactly one of the orbits of four-tuples, within the specified columns. It is 
not hard to show that there are exactly m 2 + 4m + 1 orbits of ordered pairs 
with respect to the group G = {cd : 0 < / < 2/2/}. The orbits of ordered 
pairs consist of 4m + 1 orbits of size 2m + 1 and m 2 orbits of size 1. Orbit 
representatives are as follows: 

(0,/), 0 < Z < 2/22, 

( 0 , 00 ,-), 1 < 2 < 222 , 

(OO,-, 0), 1 < 2 < 222 , and 

(oo;,°0;), 1 < bj < m - 

With this information, it is straightforward to verify that we have an 
0A(4, 3m + 1). Therefore we have the following result. 
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Fig. 6.4. Orthogonal Latin Squares of Order 10 



Theorem 6.41. For all positive integers n = 10 (mod 12) , there exists an OA(4 ,n), 
and hence there exist orthogonal Latin squares of order nfor all such n. 

We illustrate this construction by exhibiting orthogonal Latin squares of 
order 10 in Figure 6.4. These are obtained from an OA(4, 10) constructed us- 
ing the technique described above. 



6.6 Transversal Designs 

Another type of new design equivalent to sets of MOLS is called a transversal 
design. We define these objects now. 

Definition 6.42. Let k > 2 and n > 1. A transversal design TD (k,n) is a triple 
(X, Q, B) such that the following properties are satisfied: 

1. X is a set ofkn elements called points, 

2. Q is a partition ofX into k subsets of size n called groups, 

3. B is a set ofk-subsets ofX called blocks, 

4. any group and any block contain exactly one common point, and 

5. every pair of points from distinct groups is contained in exactly one block. 
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Note that the "groups" in a transversal design are just subsets of points; they 
are not algebraic groups . Also, a T D (2, n ) exists trivially for all integers n > 1 . 

We first show how to construct a TD (k,n) from an OA (k,n). Let A be an 
OA (k,n) on symbol set {1 Label the columns of A as 1 and 

label the rows of A as 1, . . . , n 2 . Define 

X= {1 ,...,«} x {1 k}. 

For 1 < i < k, define 

Gj = {1 x {(}, 

and then define 

G = {G, : 1 < i < k}. 

For 1 < r < n 2 , define 

B r = {(A(r,i),i) : 1 <i <k}, 

and define 

B = {B r : 1 < r < n 2 }. 

Then it is essentially trivial to prove that (X, Q, B) is a T D (7c, n). 

Example 6.43. Given the 0A(4, 3) constructed in Example 6.37, we obtain a 
TD(4, 3). The blocks of this transversal design are shown in Figure 6.5. § 



Bi = {(1,1), (1,2), (1,3), (1,4)} 
B 2 = {(1,1), (2,2), (2,3), (2,4)} 
B 3 = {(1,1), (3,2), (3,3), (3,4)} 
B 4 = {(2,1), (1,2), (2,3), (3,4)} 
B 5 = {(2,1), (2,2), (3,3), (1,4)} 
B 6 = {(2,1), (3,2), (1,3), (2,4)} 
B 7 = {(3,1), (1,2), (3,3), (2,4)} 
B S = {(3,1), (2,2), (1,3), (3,4)} 
B 9 = {(3,1), (3,2), (2,3), (1,4)}. 



Fig. 6.5. The Blocks of a TD(4, 3) 



The construction can be reversed: given a TD (k,n), we can use it to con- 
struct an OA (k,n). Suppose (X, Q, B) is a TD (k, n). By relabeling the points if 
necessary, we can assume that X = {1, . . .,n} x {1, . . .,k} and Q = { C, : 1 < 
i < k}, where G, = {1 ,...,«} x {/} for 1 < i < k. For each block B € B and 
for 1 < i < k, let ( b i) g B fl G ; (recall that each block intersects each group 
in a unique point). Then, for each B € B, form the /c-tuple 
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{b 1/ ...,b k ). 

Construct an array A whose rows consist of all these /c-tuples; it is easy to 
show that A is an OA (k, n). 

As an example, if we begin with the TD(4, 3) from Example 6.43 and ap- 
ply this construction, then we recover the 0A(4, 3) that we started with. 

Gathering together the results of this section and Theorem 6.38, we have 
the following. 

Theorem 6.44. Suppose that n >2 and k > 3. Then the existence of any one of the 
folloiving designs implies the existence of the other two designs: 

1. k — 2 MOLS(n), 

2. an OA (k, n), 

3. a TD (k,n). 

6.7 Wilson's Construction 

In this section, we describe a powerful recursive construction for MOLS due 
to Wilson. It is in fact a generalization of the direct product construction for 
MOLS that we presented in Section 6.1. Wilson's construction is most easily 
presented in terms of transversal designs. We will get to it shortly, but first we 
recast the direct product construction in the language of transversal designs. 
Let (X, Q, A) be a TD (k, t ), where G\, . . . , Gj- are the groups. Define 

Y = Xx{l m}, 

and, for 1 < i < k, define 

H t = Gi x {1 ,...,m}. 

Let TL = {H{ : 1 < i < k}.Y and TL will be the points and groups (respec- 
tively) of the TD (k, mt) that we are constructing. 

We now define the blocks of this transversal design. For every block A £ 
A, construct a set of m 2 blocks as follows. For 1 < i < k, let {fl;} = A n G,. 
Then let B,\ be the set of m 2 blocks of a TD(/c, m) in which the groups are 

{«;} x m}, 

1 < i < k. Then define 

B= |J B a . 

AeA 

We claim that (Y, TL, B) is a transversal design. The main task is to show 
that any two points x and y from different groups occur in a unique block. 
Suppose that x = ( g,a ) and y = ( h,b ), where g G G;, h e Gy, i j, and 
a, b £ {1 , ,m}. There is a unique block A £ A such that g,h £ A because g 
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Fig. 6.6. A Truncated Transversal Design 



and h occur in different groups in Q. Then it is easily seen that x and y occur 
in a unique block in B a and in no other block in B. 

As we mentioned, the construction above is exactly the same as the direct 
product construction for MOLS. We will proceed next to a description of Wil- 
son's construction. Wilson's construction uses a type of design called a trun- 
cated transversal design, which is formed from a transversal design by delet- 
ing some points from one of the groups. More specifically, let (X, Q, B) be a 
TD(k + 1, f), where k > 2. Pick a group G £ G, and suppose that 1 < u < f. 
Let G' C G, |G'| = u. Then define 

Y = (X\G) U G' 

H=(G\{G})G{G'} 

C = {B £ B : BAG' yk<Z)}U {B\{x} : B £ B, B n G = {x},x £ G\G'}. 

The set system (Y,TL,C) is a truncated transversal design. If u < t, then this 
design has kt + u points, k groups of size t and one group of size u, t(t — it) 
blocks of size k, and tu blocks of size k + 1. (If t = u, then the design is just a 
TD(k + 1, t) because we have deleted no points.) 

We now present the statement and proof of Wilson's construction for 
MOLS. 

Theorem 6.45 (Wilson's Construction for MOLS). Let k > 2 and suppose that 
the following transversal designs exist: a TD (k, m), a TD (k, m + 1), a TD (k + 1, f), 
and a TD (k, u), where 1 < u < t. Then there exists a TD(k, mt + u). 

Proof. First construct a truncated transversal design from a TD(k + 1, t) by 
deleting t — u points from some group, as described above. Let (X, Q, A) be 
the resulting truncated transversal design, where Gi, . . . , Gj- are k groups of 
size t and Gj- + i is a group of size u. 

In Figure 6.6, the groups of this truncated transversal design are drawn 
vertically, and two representative blocks are indicated. 

Define 



Y = ((X\G, +1 ) x {1 m}) U ({1 k} x G k+1 ). 
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Then, for 1 < i < k, define 



Hi = (G/ x m})U({ij x G k+1 ), 



and let H = {H, : 1 < i < k}. Y and H will be the points and groups 
(respectively) of the TD (k, mt + u) that we are constructing. 

It will be convenient to define a “type I" point to be a point in (X\Gfc + i) x 
{1 and a "type II" point to be a point in {1, . . ,,k} x G k+ i- Observe 

that each group Hi contains mt type I points (which consist of m copies of 
each point in G,) and u type II points (which consist of one copy of each 
point in G k+k ). 

We now define the blocks of this transversal design. For every block A £ 
A, construct a set of blocks B/\ according to the following recipe: 

1. Suppose |A| = k. For 1 < i < k, let {a,} = A n G,-. Then let B/\ be the set 
of m 2 blocks of a TD (k, m ) in which the groups are 

{«i} x m} 



for 1 < i < k. 

Observe that the blocks in B/\ contain only type I points. 

2. Suppose |A| = k + 1. For 1 < i < k + 1, let {<?;} = A n G,. There exists a 
TD(k, m + 1) in which the groups are 



({«/} x ,m})U {(i,a k+1 )}, 



for 1 < i < k, and in which 

{(l,a k+1 ),...,(k, a k+ 1 )} 

is a block. Delete this block, and let B/\ be the set of (m + l) 2 — 1 blocks 
that remain. 

In Figure 6.7, we show how two representative blocks in the truncated 
transversal design are "expanded into" transversal designs. 

Observe that each group of the TD(k, m + 1) consists of m type I points 
and one type II point. Flowever, no block in B /\ contains more than one 
type II point; this is because we deleted the block {(1 ,a k+ i), . . . ,(k, a k+ i)}, 
which was the only block in the transversal design that contained more 
than one type II point. 

Finally, there exists a TD (k, u ) in which the groups are 

{/} x G fc+ i 

for 1 < i < k. Let B* denote the blocks of this transversal design. (Observe 
that the blocks in B* contain only type II points.) 

The block set of the TD (k, mt + u) is defined to be 
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Fig. 6.7. Wilson's Construction (Detail) 



B=[ |J B a U6*. 

\AeA / 

Let us sketch a proof that ( Y,H,B ) is a transversal design. The main task 
is to show that any two points x and y from different groups of 'H occur in 
a unique block. There are three different cases to consider according to the 
types of the two points x and y. 

1. Suppose x and y are both of type I. Let x = ( g , a ) and y = (. h , b), where 
g G G„ h G Gj, i jb j r and a,b G {1 , ,m}. There is a unique block A £ A 
such that g, h £ A. Then x and y occur in a unique block in B/\ and in no 
other block in B. 

2. Suppose x is of type I and y is of type II. Let x = (g,a) and y = ( j,h ), 
where g G Gj,h G Gjt+i, a G {1, . . .,m}, and / G {1, ... ,k}\{/}. There is 
a unique block A £ A such that g, h G A, and it must be the case that 
| A | = k+1. x and y occur in a unique block in B,\ and in no other block 
in B. 

3. Suppose x and y are both of type II. Let x = ( i,g ) and y = ( j,h ), where 
g,h G G/t+i, i,j G {1 .,k}, and i ^ j. Then x and y occur in a unique 
block in B* and in no other block in B (note that we observed earlier 
that the blocks in B* are the only ones that contain more than one type II 
point). 
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This completes the proof. 



□ 



We present a small example to illustrate Theorem 6.45. 

Example 6.46. An application of Wilson's construction. Let k = 3, m = 2, t = 
3, and u = 2. A TD(3,2), TD(3,3), TD(4,3), and TD(3,2) all exist. Theorem 
6.45 yields a TD(3, 8). 

We begin with a TD(4, 3) and truncate one group to two points, obtaining 
a truncated transversal design 

(X,Q = {G lr G 2 ,G 3 ,G A } r A= {A t : 1 < i < 9}), 



where 



X = {a\, a 2/ a 3/ b\, b 2/ b 3/ C\, c 2/ c 3 ,d\, d 2 }, 

G\ = {a\,a 2 ,a 3 j, G 2 = {b\,b 2 ,b 3 j, G 3 = {c\,c 2 , c 3 }, 

G4 = { di,d 2 } , 

A 1 = {axM.CxAij, ^2 = {a 2 ,b 2 ,c 2 / di}, A 3 = {a 3 / b 3 ,c 3 ,d 1 }, 

A 4 = {a\,b 2 ,c 3 ,d 2 j, A$ = {a 2 ,b 3 ,c\,d 2 }, A 6 = {a 3 ,b\,c 2 ,d 2 }, 

A 7 = {ai,b 3 ,c 2 }, Aq = {a 2 , b\,c 3 } r Ag = {a 3 , b 2 ,c{\. 

The groups of the TD(3,8) are 

Hi = {( fl i/ 1)/ ( fl i/2), (a 2 , 1), (a 2 , 2 ), (a 3 , 1), (a 3 , 2 ), (l,di), (l,d 2 )} 

H 2 = { (h, 1), (bi, 2), (b 2 , 1), (b 2 , 2), (b 3 , 1), (b 3 , 2), (2, d a ), (2, d 2 )} 

H 3 = { (ci, 1), (ci, 2), (c 2 , 1), (c 2 , 2), (c 3 , 1), (c 3 , 2), (3, d t ), (3, d 2 )}. 

Each block in A gives rise to a certain set of blocks in the TD(3,8). For 
example, consider A\ = Since |Ai| = 4 = k + 1, the blocks 

Ba 1 are obtained from the blocks of a TD(3,3) having groups 

{(«i, 1)/ («i,2), (l,di)},{(b lr l), {b\,2), (2 ,di)}, and {(ci, 1), (ci,2), (3,^)}. 

We construct such a transversal design, making sure that 

{(1,^!), (2,rf 1 ),(3,rf 1 )} 

is one of the blocks. Then this block is deleted and the remaining eight blocks 
comprise Ba 1 ■ For example, we could take the following eight blocks: 

{(«!,!), (bi, 1), (ci, 1)} {(«i,2), (fei,2), ( Cl ,2)} 

{(ai,l),(bi,2),(3,di)} {(«i,2), (2,rf 1 ),(c 1 ,l)} {(l,d a ), (b lr 1), ( Cl ,2)} 

{ (ai, 1), (2, di), (ci, 2)} { (ai, 2), {b v 1), (3, d a )} {(1, d a ), {b v 2), (c lr 1)}. 

Another block in A is A 2 = {a\, b 3 , c 2 }- Since \A 2 \ = 3 = k, the 
blocks in Ba 7 are the blocks of a TD(3,2) having groups {(«i, 1), («i,2)}, 
{ (b 3 , 1), (Z? 3 , 2) }, and {( c 2 , 1), (c 2 , 2)}. For example, we could take the follow- 
ing four blocks: 




6.8 Disproof of the Euler Conjecture 151 



{(«l,l)/ (hA), (c 2 , 1 )} {(« 1,2), (b 3,2), (c 2 , 1 )} 

{( fl 1 /2) / (fe 3 ,l), (c 2 ,2)} {(«i, 1), (fc 3 ,2), (c 2/ 2)}. 

We apply this process to each of the nine blocks 

Finally, we adjoin the four blocks of a TD(3,2) on groups {(l,df), (l,d 2 )}, 
{(2 ,d\), (2, d 2 )}, and {(3 ,d\), (3 ,d 2 )}. For example, we could take the follow- 
ing four blocks: 

{(1,^0, (2,^!), (3,</ x )} {(l,d 1 ),(2,d 2 ),(3,d 2 )} 
{(l,d 2 ),(2,d 1 ) f (3 / d 2 )} {(1 ,d 2 ),(2,d 2 ),(3,d 1 )}. 

The resulting set of 64 blocks yields the desired TD(3, 8). I 

In view of Theorem 6.44, the following corollary is obtained by rephras- 
ing Theorem 6.45 in the language of MOLS. 

Theorem 6.47. Suppose s > 1 and there exist s MOLS(wz), s MOLS(»z + 1), s 
MOLSju), and s + 1 MOLS(f), where 1 < u < t. Then there exist s MOLS(wzf + 
u). 

6.8 Disproof of the Euler Conjecture 

As an application of Wilson's construction, we will complete the proof that 
there exist orthogonal Latin squares of order n for all positive integers n f 2 
or 6. (This is not the "original" disproof of the Euler conjecture from 1958; 
Wilson's construction permits the proof to be simplified considerably.) 

The following corollary will be useful. 

Corollary 6.48. Suppose t = 1,5 (mod 6), u is odd, and 0 < u < t. Then there 
exist orthogonal Latin squares of order 3 1 + n. 

Proof. We apply Theorem 6.47 with s = 2 and m = 3, noting that orthogonal 
Latin squares of orders 3, 4, and u exist (Theorem 6.28), as do three MOLS(f) 
(Corollary 6.35). □ 

We need one more example as a special case before proceeding to the 
general result. 

Example 6.49. Orthogonal Latin squares of order 14. 

We present a set of 17 four-tuples of elements in Zn U {oo 1 ,oo 2 , oo 3 }. 
These rows are to be developed modulo 11 using the convention that 00 , 4- 
j = oo, for i = 1, 2, 3 and j € Z M . (In other words, the permutation 

a = (0 1 2 • • • 10) (oo x ) (oo 2 ) (oo 3 ) 

is an automorphism of this orthogonal array.) Then adjoin nine more rows 
that form an 0A(4, 3) on the symbols 003,002,003. The result is an 0A(4, 14), 
which is equivalent to the desired orthogonal Latin squares. 
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Here are the 17 starting rows: 

0 0 0 0 

0 4 16 

4 0 6 1 

6 10 4 

16 4 0 

ooj 4 0 1 

00 2 6 0 2 

00 3 9 0 8 

4 ooj 1 0 

6 oo 2 2 0 

9 oo 3 8 0 

1 0 ocq 4 

2 0 oo 2 6 

8 0 oo 3 9 

0 1 4 oo ! 

026 oo 2 
0 8 9 oo 3 

I 

Theorem 6.50. Suppose n = 2 (mod 4), n ^ 2, 6. T/;en there exist orthogonal 
Latin squares of order n. 

Proof. We already did the cases where n = 10 (mod 12) in Theorem 6.41, so 
we can assume that n = 2, 6, 14, 18, 26, or 30 (mod 36). For each of these six 
residue classes modulo 36, we present a construction that is an application of 
Corollary 6.48 by writing n in the form n = 3t + u in an appropriate manner: 

36s + 2 = 3(12s — 1) + 5, s > 1 

36s + 6 = 3(12s + l) +3, s > 1 

36s + 14 = 3(12s + 1) + 11, s > 1 

36s + 18 = 3(12s + 5) +3, s>0 

36s + 26 = 3(12s + 7) + 5, s>0 

36s + 30 = 3(12s + 7) + 9, s > 1. 

The only values of n not covered by the constructions above are n = 2, 6, 14, 
and 30. The first two values of n are exceptions, the case n = 14 is done in 
Example 6.49, and n = 30 can be handled by the direct product construction 
because 30 = 3 x 10 and orthogonal Latin squares of orders 3 and 10 exist. 

□ 

Our main existence result is an immediate consequence of Theorems 6.28 
and 6.50. 

Theorem 6.51. Suppose n is a positive integer and n 2 or 6. Then there exist 
orthogonal Latin squares of order n. 
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6.9 Notes and References 

Bose's construction for Steiner triple systems was given in [13], and Skolem's 
modification is from [98]. Our description of these constructions is based on 
[77], The book "Triple Systems" by Colbourn and Rosa [32] is an enormous 
work devoted to BIBDs with block size 3. It is essential reading for anyone 
interested in that topic. 

The construction of a pair of orthogonal Latin squares of all orders n / 
2,6 was accomplished by Bose and Shrikhande [15] and Bose, Shrikhande, 
and Parker [16]. Theorem 6.41 is from [16]. A short proof of the nonexistence 
of a pair of orthogonal Latin squares of order 6 can be found in Stinson [101]. 

Wilson's construction for MOLS (a generalization of Theorem 6.45) is pre- 
sented in [121], An extensive table of MOLS of orders up to 10,000 can be 
found in [1], Colbourn [24] provides a good summary of construction meth- 
ods for MOLS, and Colbourn and Dinitz [28] describe how the tables in [1] 
were constructed. Some updated results can be found in Colbourn and Dinitz 
[29] . 



6.10 Exercises 

6.1 (a) Suppose that (X,A) is a (v, 3, 1)-BIBD and (X, o) is any quasi- 

group of order v. Define Y = X x {1, 2, 3}. For 1 < i < 3 and for 
any A £ A, define A/ = {(x, i) : x £ A}. Define 

Bi = {Aj : 1 < i < 3} 

and define 

B 2 = {(x, 1), (y, 2),(xo y, 3) : x,y £ X}. 

Prove that (Y, B\ U B 2 ) is a (3v,3 r 1)-BIBD. 

(b) Describe how to construct a (3v — 2,3, 1)-BIBD from any (v, 3, 1 )- 
BIBD and any quasigroup of order v — 1. 

(c) Describe how to construct a ( 3v — 6, 3, 1)-BIBD from any (v, 3, 1)- 
BIBD and any quasigroup of order v — 3. 

6.2 (a) Describe how to construct an idempotent quasigroup of every 

even order t > 2. 

(b) Explicitly construct idempotent quasigroups of orders 4 and 6. 

(c) Describe a construction for a (3f, 3, 2)-BIBD from any idempo- 
tent quasigroup of order t. Illustrate your construction in the 
case t = 4. 

6.3 Suppose (X, o) is a quasigroup. We say that (X, o) is a Steiner quasi- 
group if (X, o) is symmetric and idempotent and (x o y) o y = x for all 
x,y £ X. 

(a) Suppose that (X, A) is a Steiner triple system of order n. Define 
a binary operation o on X as follows: 
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\x if x = i/ 
x o y = < 

lz if x ^ y and {x,y,zj e A 

Prove that (X, o) is a Steiner quasigroup of order n. 

(b) Suppose that (X, o) is a Steiner quasigroup of order n. Define 

A = {{x,\j,xo\j} : x,y € X,x ^ y}. 

Prove that (X, .4) is a Steiner triple system of order n. 

6.4 Suppose that there are s MOLS(«). Prove that there are s — 1 MOLS(n), 
all of which are idempotent. 

Hint: This can be done by permuting rows, columns, and symbols in 
s — 1 of the s MOLS in a certain way You should begin by choosing one 
of the s orthogonal Latin squares, picking a symbol x, and considering 
the set of n cells in this Latin square that contain x, say C. Then, in 
each of the remaining s — 1 MOLS, the cells in C must contain one 
occurrence of each symbol. 

6.5 (a) Suppose that there is a ( v , k, 1 and suppose there are s — 1 

MOLS (7c), all of which are idempotent. Prove that there are s — 1 
MOLS( Z'), all of which are idempotent. 

(b) Using a suitable BIBD, prove that there exist three M0LS(21), all 
of which are idempotent. 

6.6 (a) Let 1 < m < n be integers. A Latin square L of order n has a 

subsquare of order m if there is an m x m subarray of L, say M, 
which is itself a Latin square on a subset of m symbols. Prove 
that m < 2 n if a Latin square of order n has a subsquare of order 
m. 

(b) Let 1 < m < n be integers. Suppose that Li, . . . , L s are MOLS of 
order n. Suppose that L\, , L s each have a subsquare of order 
m situated in the same positions (say, without loss of general- 
ity, in the upper left comers). Prove that these subsquares are 
necessarily s MOLS(m) and m < (s + 1 )n. 

6.7 Prove that the following sets of MOLS exist by citing appropriate the- 
orems or constructions. 

(a) 8 MOLS(99). 

(b) 7 MOLS(96). 

(c) 5 MOLS(57). 

6.8 Prove that there exist three MOLS(m) if n = 0 mod 36. 

Hint: Consider the factorization of n into prime powers. 

6.9 A magic square of order n is an n by n array formed from the integers 
1 , ... ,n 2 such that the sum of the entries in any row or column is a 
fixed integer, say S. 

(a) Prove that S = (« 3 + n)/2. 

(b) Suppose that L and M are orthogonal Latin squares on symbol 
set {0, ...,« — 1}. Define an n by n array A = ( a y) by the for- 
mula 



fly = n L(i,j) + M(i, j) + 1. 
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Prove that A is a magic square of order n . 

(c) Construct orthogonal Latin squares of order 4 and then use them 
to construct a magic square of order 4. 

6.10 A Latin square is self-orthogonal if it is orthogonal to its transpose. Let 
a,b € Z„. Suppose that we define an n by n array M = with 

symbols in Z„, by the rule 

ntij = ai + bj mod n. 

(a) Give a complete proof that M is a self-orthogonal Latin square of 
order n provided that gcd(fl, n) = 1, gcd(i>, n ) = 1, and gcd(fl 2 — 
b 2 ,n) = 1. 

(b) Construct a self-orthogonal Latin square of order 7. 




7 



Pairwise Balanced Designs I: Designs with 
Specified Block Sizes 



7.1 Definitions and Basic Results 

Pairwise balanced designs were defined in Section 1.3. These are among the 
most important and most studied types of designs. We will spend quite a 
bit of time in this chapter looking at pairwise balanced designs with speci- 
fied block sizes. Interestingly, these have applications to the construction of 
infinite families of BIBDs with fixed block sizes. 

We begin with a definition of pairwise balanced designs with specified 
block sizes. 

Definition 7.1. Suppose v > 2, A > 1, and K C {« g Z : n > 2}. A (v,K,A)- 
pairwise balanced design (ivhich ive abbreviate to ( v , K, A)-PBD) is a set system 
(X, A) such that the following properties are satisfied: 

1. \X\=v, 

2. |A| € K for all A £ A, and 

3. every pair of distinct points is contained in exactly A blocks. 

A (v, K, 1)-PBD is often denoted simply as a ( v , K)-PBD. 

Recall that a pairwise balanced design on v points is allowed to have 
blocks of size v. It is clear that a (v,k, A)-BIBD is a (v, {k}, A)-PBD. Con- 
versely, if k < v, then a (v, {k}, A)-PBD is a (v,k, A)-BIBD. 

We begin by presenting some simple constructions for pairwise bal- 
anced designs from other types of designs. Transversal designs and trun- 
cated transversal designs provide a convenient way of constructing certain 
pairwise balanced designs with A = 1 . 

Lemma 7.2. Suppose that k > 2 and there is a TD(k + 1, f). Then the folloiving 
pairwise balanced designs exist: 

1. a ( kt + u, {k, k + 1, f, u})-PBDfor all u such that 2 < u < t — 1, 

2. a (kt + 1, {k,k + 1/ f})-PBD, and 
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3. a ((k + 1)1, {k + 1, f})-PBD. 

Proof. To prove 1, delete t — u points from one group of a TD(7c + 1, f). Then 
take all the groups and blocks of the truncated transversal design to be blocks 
ofaPBD. 

To prove 2, delete t — 1 points from one group of a TD(7c + 1 , f). Then take 
all the groups and blocks of the truncated transversal design (except for the 
group of size one) to be blocks of a PBD. 

To prove 3, take all the groups and blocks of the transversal design to be 
blocks of a PBD. □ 

Resolvable (v,k, l)-BIBDs also can be used to produce pairwise balanced 
designs with A = 1 . 

Lemma 7.3. Suppose there is a resolvable ( v,k , 1)-BIBD. Then there exists a (v + 
r, {k + 1, r})-PBD, where r = (v — l)/(k — 1). 

Proof. We use the same technique as in the proof of Theorem 5.10. Let 
Tli, . . . , n r denote the parallel classes in the BIBD. Let ocq, . . . , oo r be r new 
points, and adjoin oo, to each block in the parallel class TT, . Finally, let 
{ocq, . . . ,oo r } be a new block. □ 

Note that, if we start with an affine plane, then the resulting pairwise 
balanced design has only one block size (because k + 1 = r) and therefore it 
is in fact a BIBD (namely, a projective plane; see Theorem 5.10). 

As a corollary of Lemma 7.3, we can obtain the following result. 

Corollary 7.4. For all even integers v > 4, there exists a (2v — 1, {3, v — 1})-PBD. 

Proof. Apply Lemma 7.3 with k = 2, noting that a resolvable (v, 2, 1)-BIBD 
exists for all even v > 4 by Theorem 5.2. □ 

Example 7.5. An (11, {3,5})-PBD. We begin with the resolvable ( 6 , 2, 1)-BIBD 
presented in Example 5.3 having parallel classes as follows: 

n 0 = { {oo, 0}, { 1, 4 }, {2, 3 } }, 

Hi = {{oo,l}, { 2 , 0 }, { 3 , 4 }}, 
n 2 = {{oo, 2 }, { 3 , 1 }, { 4 , 0 }}, 
n 3 = {{oo, 3 }, { 4 , 2 }, {0, 1}}, 
n 4 = {{00,4}, {0,3}, {1,2}}. 

The blocks of the resulting (11, {3, 5})-PBD are 

{ 00 , 0 , 00 ^, { 1 , 4 , 00 !}, { 2 , 3 ,ooj}, 

{oo, l,oo 2 }, { 2 , 0,002}, { 3 , 4 ,oo 2 }, 

{00, 2 , oo 3 }, {3,1,003}, { 4 , 0, oo 3 }, 

{00,3,004}, {4,2,004}, { 0,1,004}, 

{oo,4, oo 5 }, {0, 3 ,oo 5 }, {1,2,oo 5 }, 

{ooi,oo 2 , 003 , 004 , 005 }. 



I 
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7.2 Necessary Conditions and PBD-Closure 

In this section, we first discuss necessary numerical conditions for existence 
of [v, fC)-PBDs. Then we present some definitions and results pertaining to 
the important idea of PBD-closure. 

Definition 7.6. Suppose K C {n £ Z : n > 2}, and define 

IB(fC) = {v : there exists a (v, X)-PBD}. 

Furthermore, define 



a(K) = gcd {k — 1 : k £ K} 



and 

J8 (K) = gcd{k(k-l) : k £ K}. 

Note that K C B(fC) because a (trivial) ( k , {k})-PBD exists for any integer 
k > 2. 

Our next lemma provides some necessary numerical conditions for v to 
be an element of B(fC). This lemma can be thought of as a generalization of 
Theorems 1.8 and 1.9. 

Lemma 7.7. Suppose K C {n £ Z : n > 2} and suppose that v > 3 is an integer. 
Then v e B(fC) only if 

zz — 1=0 (mod ot(K)) 

and 

v(v — 1) = 0 (mod ft (K)). 

Proof. Suppose v £ B(fC). Then there exists a (v, K)-PBD. Let X be the set of 
points in this design, suppose x £ X, and let r x denote the number of blocks 
containing x. Let A \, . . . , A rx denote the blocks that contain x. Then 



^(\Ai\-l)=v-l. 

i=i 

Clearly \Aj\ -1 s 0 (mod oc(K)) for all i, 1 < i < r x , and hence v — 1 = 0 
(mod x(K)). This proves the first condition. 

To prove the second condition, let A \, . . . , Aj, be all the blocks in the pair- 
wise balanced design. Then 

f^\A i \(\A i \-l)=v(v-l). 

i=i 



Clearly |A t -|(|Ai| — 1) = 0 (mod f(K)) for all i, 1 < i < b. Hence, v(v — 1) = 0 
(mod 1 6 (K)). This completes the proof. □ 
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If |K| = 1 (say K = {k}) and v > k, then a (^,fC)-PBD is a (v, k, 1)-BIBD, 
and the conditions in Lemma 7.7 become 

v — 1 = 0 (mod k — 1) 



and 

v(v — 1) = 0 (mod k(k — 1)). 

These are precisely the conditions that the BIBD parameters r and b (respec- 
tively) be integers. 

Here is a small example to illustrate the application of Lemma 7.7 when 

\K\ > 1 . 

Example 7.8. Suppose K = {3, 4, 6}. Then it is easy to compute 

oc(K)= gcd{2,3,5} = l 



and 

P(K) = gcd{6, 12, 30} = 6. 

The necessary conditions in Lemma 7.7 simplify to v = 0 or 1 (mod 3). It 
follows that 



B({3,4,6}) C {ti e Z : n e 0 or 1 (mod 3 ),n > 3}. 



I 



We now introduce the very useful notion of a PBD-closed set. 

Definition 7.9. Suppose that K C {n £ Z : n > 2}. We say that K is a PBD- 
closed set if B(fC) = K, i.e., ifv £ K ivhenever there exists a (v, fC)-PBD. 

The following lemma is simple but important. It is commonly called 
"breaking up blocks". 

Lemma 7.10 (Breaking up Blocks). Suppose K C {n £ Z : n > 2}. Then B(K) 
is PBD-closed. 



Proof. Suppose K C {« g Z : n > 2}, and let (X,A) be any (v, B(kC))-PBD. 
We want to prove that there is a (v, K)-PBD. For all |A| £ A there is a (| A\, K)- 
PBD, say Define 

B= U B a . 

AeA 



Then it is easy to see that (X, B) is a (v, fC)-PBD. 



□ 



Lemma 7.10 implies some easy corollaries. The fact that B(fC) is PBD- 
closed implies the following result. 



Corollary 7.11. Suppose K C {n £ Z : n > 2}. Then B(B(fC)) = B(X). 
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For an integer k >2, define 

V*. = {k} U {v : there exists a (v,k, 1)-BIBD}. 

The next result is obtained by taking K = { k } in Corollary 7.11 and noting 
that Vj. = B({k}). 

Corollary 7.12. For any integer k >2, V*. is PBD-closed. 

We do a small example to illustrate Corollary 7.12. 

Example 7.13. We construct a (21, 3, 1)-BIBD by applying Corollary 7.12 with 
k = 3. Observe that a TD(3, 7) yields a (21, {3, 7})-PBD containing 49 blocks 
of size three and three blocks of size seven. Replace each block A of size 
seven by the seven blocks of a (7, 3, 1)-BIBD on point set A. The result is a 
(21,3,1)-BIBD. I 

Corollary 7.12 says that the set of all c'-values of ( v, k, l)-BIBDs is PBD- 
closed, for any fixed integer k > 2. We now prove the interesting and impor- 
tant result that the set of r-values of (v, k, 1 )-BIBDs is also PBD-closed. First, 
however, we must introduce the concept of a group-divisible design. 

Definition 7.14. Let v > 2 be a positive integer. A group-divisible design (ivhich 
we abbreviate to GDDJ is a triple (X,Q,A) such that the folloiving properties are 
satisfied: 

1. Xis a finite set of elements called points, 

2. Q is a partition ofX into at least two nonempty subsets called groups ( note that 
groups of size one are allowed), 

3. A is a set of subsets ofX called blocks such that |A| > 2 for all A £ A, 

4. a group and a block contain at most one common point, and 

5. every pair of points from distinct groups is contained in exactly one block. 

Transversal designs and truncated transversal designs are examples of 
group-divisible designs. The following lemmas record some simple ways of 
obtaining pairwise balanced designs from group-divisible designs and vice 
versa. 

Lemma 7.15. If (X, Q, ^4) is a group-divisible design, then (X,B) is a painvise bal- 
anced design with A = 1, where 

B = Au{G e Q : |G| >2}. 

Lemma 7.16. Suppose that (X, Q, A) is a group-divisible design. Suppose that oo ^ 
X, define Y = X U {oo}, and define 

£> = *4 U {G U {oo} : Ge Q}. 

Then (Y, B) is a pairwise balanced design with A = 1. 
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Lemma 7.17. If (X, A) is a pairwise balanced design with A = 1, then (X, Q, A) is 
a group-divisible design, where 



G = {{x}:xe X}. 

Next, we state and prove a useful equivalence between (v, k, l)-BIBDs 
and certain group-divisible designs. 

Lemma 7.18. Suppose that v > k > 1. Then there exists a (v,k, 1)-BIBD if and 
only if there exists a group-divisible design having v — 1 points, r groups of size 
k — 1, and blocks of size k (where, as usual, r = (v — 1) / (k — 1)). 

Proof. Given a ( v,k , 1)-BIBD, choose any point x. Form the groups of the de- 
sired group-divisible design by taking the blocks that contain x and deleting 
x from them. The blocks of the group-divisible design are all the remaining 
blocks in the BIBD. 

The converse follows from Lemma 7.16. Note that the resulting pairwise 
balanced design has only blocks of size k and therefore it is a BIBD. □ 

Example 7.19. A (9, 3, 1)-BIBD was presented in Example 1.4: 

X= {1,2,3,4,5,6,7,8,91, and 

A = {123, 456, 789, 147, 258, 369, 159, 267, 348, 168, 249, 357} . 

If we delete the point 1, say, then we obtain the following GDD (Y, Q, B): 

Y= {2,3,4,5,6,7,8,9}, 

G = {23,47,59,68}, and 
B = {456, 789, 258, 369, 267, 348, 249, 357} . 

This GDD contains four groups of size two and eight blocks of size three. I 

Corollary 7.12 asserts that the set V/, is PBD-closed. For any integer k >2, 
define 

R k = {r : there exists an ( r{k — 1) + l,k, 1)-BIBD}. 

We show that R/. is PBD-closed in the next theorem. 

Theorem 7.20. Rj. is PBD-closed for any integer k >2. 

Proof. Let (X, A) be any (v, R^-PBD. We want to prove that v € R*. In other 
words, we want to show that there exists a (v(k — 1) + l,k, 1)-BIBD. 

For every block A € A, there exists an (|A|(k — 1) + l,k, 1)-BIBD. By 
Lemma 7.18, this BIBD is equivalent to a group-divisible design having 
\A\(k — 1) points, |A| groups of size k — 1, and blocks of size k. Let I be some 
set of size k — 1. We can construct this group-divisible design on point set 
Ax I such that the groups are {x} x I, x € A. Let B/\ denote the blocks of 
this group-divisible design. 
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Define 



y = x x i, 

H = {{x} x I : x € X}, and 

B = U Ba ~ 

AeA 

We will prove that (Y,H,B) is a group-divisible design having v ( k — 1) 
points, v groups of size k — 1, and blocks of size k. Then, by Lemma 7.18, 
there exists a (v(k — 1) + 1 ,k, 1)-BIBD, as required. 

It is clear that (' Y,H,B ) has v(k — 1) points, v groups of size k — 1, and 
blocks of size k. Thus we need only to verify that any two points from dif- 
ferent groups occur in a unique block in B. Consider two points, say (x, i ) 
and ( y,j ), where x,\J € X, x ^ y, and i, j £ I. There is a unique block 
A £ A such that x,y £ A. Then, there is a unique block Bo £ B,\ such that 
(x, i), ( y,j ) £ Bo- Bo is the unique block in B that contains (x, i) and (; y,j ), and 
the proof is complete. □ 

We present a small example to illustrate. 

Example 7.21. Let k = 3. Since there exists a (7, 3, 1)-BIBD, it follows that 3 £ 
R 3 . The fact that R 3 is PBD-closed, together with the existence of the same 

(7. 3. 1) -BIBD, establishes that 7 £ R 3 . In other words, we can construct a 

(15. 3. 1) -BIBD by means of the construction given in the proof of Theorem 
7.20. 

Suppose we begin with the following (7,3, 1)-BIBD: 

X = {1,2, 3, 4, 5, 6 , 7}, and 
A = {123,145,167,246,257,347,356}. 

For every block A = {x,y,z\ £ A, we replace A by the four blocks of 
a group-divisible design having points A x {0, 1} and groups {x} x {0, 1}, 
{y} x {0, 1}, and {z} x {0, 1}. We can use the following set of four blocks: 

B {xyz} = {{*o,yo/Zo}, {x 0 ,i/i,zi}, {x!,y 0 , z\}, {xi,yi,zo}}, 

where we write points (x, i) in the form x, in order to save space. We carry 
out this process for each of the seven blocks in A, obtaining a set of 28 blocks, 
which are the blocks of a group-divisible design having seven groups of size 
two. We then add a new point to each group, to obtain the seven blocks in 
Boo- The resulting set of 35 blocks, shown in Figure 7.1, form a(15, 3, 1)-BIBD. 

I 
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% 23 } = {{1o,2o,3o},{1 0/ 2 1/ 3 1 } / {1 1/ 2o,3 1 } / {1 1/ 2 1/ 3o}} 
6 ( 145 } = {{1o,4o,5o},{1o, 4 1/ 5 1 },{1 1 ,4 0/ 5 1 },{1 1/ 4 1/ 5 0 }} 
6(167} = {{lo/6 0 ,7 0 }, {l 0 r 6 lr 7j}, {li, 6 0 , 7 X }, {li,6i,7 0 }} 
6 ( 246 } = {{2o,4o,6o},{2 0/ 4 1/ 6 1 } / {2 1 ,4o,6 1 } / {2 1/ 4 1/ 6o}} 
6 ( 257 } = {{2o,5o,7 0 },{2o,5 1/ 7 1 } / {2 1 ,5o, 7 1 } / {2 1/ 5 1 ,7 0 }} 
6(347} = {{3 0 ,4 0 ,7 0 }, {3 0 ,4 1/ 7 1 } / {3j, 4 0 , 7 \}, {3i,4i, 7 0 }} 
6 ( 356 } = {{3o,5 0 ,6 0 }, {3 0 , 5i,6i},{3i, 5 0 , 6x }, {3 1 ,5 1 ,6 0 }} 
6oo = {{oo,0 0 ,Oi}, {00,10,1!}, {00,20,2!}, {oo,3 0 ,3i} 
{ oo /4 0 ,4i} / {oo, 5 0 ,5i},{oo,6 0 ,6i}}. 

Fig. 7.1. A (15,3, 1)-BIBD 



7.3 Steiner Triple Systems 

Recall that we constructed Steiner triple systems (i.e., (v,3, l)-BIBDs) of all 
permissible orders in Section 6.2. In this section, we give a different proof of 
the same result using PBD-closure techniques. 

We know that the set of zz-values of (v, 3, 1 j-BIBDs is PBD-closed, as is the 
set of r-values of (v, 3, l)-BIBDs. If we construct some small (v, 3, l)-BIBDs 
(e.g., (7,3,1)- and (9, 3, l)-BIBDs), then we can construct larger (v, 3, 1)- 
Bl BDs by first constructing pairwise balanced designs with block sizes 3, 7, 9, 
etc. (This approach was illustrated in Example 7.13.) However, it turns out to 
be easier to use the PBD-closure of R 3 to construct Steiner triple systems. This 
is because the set R 3 contains several small numbers (e.g., 3, 4, 6 , and 7, as we 
will show) and it is easier to construct pairwise balanced designs when there 
are more allowable block sizes. In particular, the fact that R 3 contains the 
consecutive integers 3 and 4 makes it an easy task to construct (v, R 3 )-PBDs 
using truncated transversal designs. 

Recall from Lemma 6.11 that an STSfc'j exists only if v = 1 or 3 (mod 6 ), 
v >7. Defining r = (v — l)/2, these conditions can be restated as r = 0 or 1 
(mod 3), r > 3. Therefore we have that 



R 3 C {n > 3 : n = 0, 1 (mod 3)}. 

We will in fact prove that R 3 = {«>3:«=0, 1 (mod 3)}. The strategy is as 
follows: 

1. Find some small elements of the set R 3 . We will show by direct construc- 
tions that {3,4,6} C R 3 . 

2. Try to construct (v, {3,4, 6 })-PBDs for as many values of v as possible. 
We will (mainly) use truncated transversal designs to show that 



B({3, 4,6}) = {« > 3 : n = 0,1 (mod 3)}. 




7.3 Steiner Triple Systems 165 



3. Since R3 is PBD-closed, we conclude that 

R 3 = {«>3:h= 0, 1 (mod 3)}. 

We proceed to carry out these three steps now. 

Step 1 

• A projective plane of order 2 exists, which is a (7, 3, 1)-BIBD. Hence, 3 € 
r 3 - 

• An affine plane of order 3 exists, which is a (9, 3, 1 )-BI BD. Hence, 4 € R3. 

• Example 3.45 displayed a (13, 3, 1) -difference family; this implies that 6 € 
r 3 - 

Hence we have shown that {3, 4, 6} C R 3 . 

Step 2 

We first show that three particular integers are in B({3,4, 6}) by means of 
direct constructions. 

Lemma 7.22. {7,18,19} C B({3,4,6». 

Proof. 

• 7 e B({3}) because a (7,3, 1)-BI BD exists. 

• 18 € B({3, 6}) by Lemma 7.2 because a TD(3, 6) exists. 

• Adjoining a point to the groups of a TD(3, 6), we obtain a (19, {3, 7})-PBD 
(see Lemma 7.16). Then, because we have shown above that 7 € B({3}), 
it follows that 19 € B({3}). 

□ 

The following simple lemma will now allow us to complete the determi- 
nation of B({3, 4,6}). 

Lemma 7.23. Suppose that t = 0 or 1 (mod 3), t > 3, and i / 6. Then the 
folloiving PBDs exist in zvhich all block sizes are congruent to 0 or 1 modulo 3. 

l.Ifu = 0 or 1 (mod 3) and 3 < u < t, then there is a (3 t + u, {3,4, f, »})-PBD. 
2.IfuG {0, 1}, then there is a (3 1 + u, {3,4, f})-PBD. 

Proof. Apply Lemma 7.2 using the fact that a TD(4, t) exists if and only if 
t f 2,6. □ 

Now we prove the main result of Step 2. 

Theorem 7.24. B({3,4,6}) = {n > 3 : n = 0,1 (mod 3)}. 
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Proof. First, we compute a({3,4,6}) = 1 and /3({3,4,6}) = 6. Therefore, by 
Lemma 7.7, it follows that 

B({3,4,6}) C {n > 3 : n = 0,1 (mod 3)}. 

By constructing appropriate ( v , {3, 4, 6})-PBDs, we will show that 

B({3,4,6}) = {n > 3 : n = 0,1 (mod 3)}. 

Our proof is by induction. Suppose that wq = 0 or 1 (mod 3), Vq > 3, 
and, as an induction hypothesis, suppose that v € B ({3, 4, 6}) for v = 0 or 
1 (mod 3), 3 < v < Vo- Clearly this is true for Vq = 3,4, and 6, which we 
can take as base cases for the induction. Now, assuming that vq > 7, we will 
prove that a ( v 0/ {3,4,6})-PBD exists. 

Ifr’o <= {7, 18,19}, then apply Lemma 7.22 . Otherwise, write Vq in the form 
Vq = 9s + j, where j € {0, 1, 3,4, 6, 7}, and apply Lemma 7.23 with values f 
and u as indicated in the following table: 

Vq =3 1 + U 

9s = 3(3s), s > l,s f 2 

9s + 1 = 3(3s) + 1, s > l,s / 2 
9s + 3 = 3(3s + l), s>l 
9s + 4 = 3(3s + 1) + 1, s > 1 
9s + 6 = 3(3s + l) + 3, s > 1 
9s + 7 = 3(3s + 1) + 4, s > 1. 

We therefore construct a (vo, {3,4, f})-PBD. By induction, we have that t € 
B({3,4,6}), and hence Lemma 7.10 shows that z?o € B({3,4,6}). This com- 
pletes the proof. □ 



Step 3 

At this point, we have shown the following: 

{3,4,6} C R 3 , inStep 1 

B({3,4,6}) = {n > 3 : n = 0, 1 (mod 3)}, in Step 2, and 
R 3 C {n > 3 : n = 0, 1 (mod 3)}. 

Clearly, {3,4,6} C R 3 implies that B({3,4,6}) C B(R 3 ). Also, B(R 3 ) 
because R 3 is PBD-closed. It therefore follows that 

{n > 3 : n = 0,1 (mod 3)} = B({3,4,6}) 

c B(R 3 ) 

= R 3 

C {n > 3 : n = 0, 1 (mod 3)}. 



Hence, 



R 3 = {n > 3 : n = 0, 1 (mod 3)}, 
and we have proven the following theorem. 



r 3 
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Theorem 7.25. There exists an STS(z?) (i.e., a (z;, 3, 1)-BIBD) if and only ifv = 1 
or 3 (mod 6), v >7. 



7.4 (v, 4,l)-BIBDs 

In this section, we use similar techniques to study (v, 4, l)-BIBDs. The neces- 
sary numerical conditions for the existence of a (v,4, 1)-BIBD are that v = 1 
or 4 (mod 12), v > 13. Defining r = (v — l)/3, these conditions can be re- 
stated as r = 0 or 1 (mod 4), r > 4. Therefore we have that 

R4 Q { n > 4 : n = 0, 1 (mod 4)}. 

We will prove that R4 = {n > 4 : n = 0, 1 (mod 4)}. 

We will carry out the proof in three steps in a fashion similar to the proof 
in Section 7.3. 

Step 1 

The first step is to find some small elements of the set R4. We have the fol- 
lowing: 

• A projective plane of order 3 exists. This design is a (13,4, 1)-BIBD, so 
4 G R 4 . 

• An affine plane of order 4 exists . This design is a ( 1 6, 4, 1 ) - B I B D, so 5 G R4 . 

• Example 7.26 displays a (25,4, 1) -difference family. This yields a (25,4, 1)- 
BIBD, and therefore 8 G R4. 

• In Example 7.27, we present a group-divisible design with nine groups of 
size three and blocks of size four. Then, Lemma 7.16 establishes that there 
is a (28,4, 1)-BIBD, and hence 9 G R4. 

• Example 7.28 presents a (37, 4, 1 (-difference family, which gives rise to a 
(37,4, 1)-BIBD. This ensures that 12 G R4. 

Example 7.26. A (25,4, 1 (-difference family in (Z5 x Z5, +). There are two 
base blocks, namely 

{(0,0), (0, 1), (1,0), (2,2)} and {(0,0), (0,2), (2,0), (4,4)}. 

I 

Example 7.27. A group-divisible design with nine groups of size three and 
blocks of size four. The set of points is Z3 x Z3 x Z3, and the nine groups 
of the GDD are {(x,y,z) : z G Z 3 }, x,y G Z 3 . The blocks are obtained by 
developing the following two base blocks through the additive group Z3 x 
Z3 x Z3: 

{(0,0,0), (0,2,0), (1,1,1), (2, 1,1)} and {(0,0,0), (1,0,2), (0,1,2), (1,1,0)}. 



I 
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Example 7.28. A (37,4, Indifference family in (Z 3 7 , +). There are three base 
blocks, namely 



{0, 1, 3, 24}, {0, 10, 18, 30}, and {0, 4, 26, 32}. 



I 



The preceding examples and discussion establish the following lemma. 
Lemma 7.29. {4,5,8,9,12} C R 4 . 

Step 2 

The second step is to construct (v, {4, 5,8, 9, 12})-PBDs. We will mainly use 
truncated transversal designs to prove the following result. 

Theorem 7.30. 



B({4,5, 8, 9, 12}) = {n >4,n = 0,l (mod 4)}. 

Proof. First, we compute a({4,5, 8,9, 12}) = 1 and j8({4, 5, 8,9, 12}) = 4. 
Therefore, by Lemma 7.7, it follows that 

B({4, 5, 8, 9, 12}) C {n > 4 : n = 0,1 (mod 4)}. 

By constructing appropriate ( v , {4, 5, 8, 9, 12})-PBDs, we will show that 

B({4,5, 8,9, 12}) = {n > 4, n = 0, 1 (mod 4)}. 

Our proof is by induction. Suppose that Vq = 0 or 1 (mod 4), Vq > 4, and, 
as an induction hypothesis, suppose that v € B({4, 5, 8, 9, 12}) for v = 0 or 1 
(mod 4), 4 < v < vq. Clearly this is true for Vq = 4, 5 , 8 , 9 , and 12, which we 
can take as base cases for the induction. Now, assuming that vq > 13, we will 
prove that a (vq, {4, 5, 8, 9, 12})-PBD exists. 

We will handle several small values of Vq as special cases, namely 

v 0 G S = {13,28,29,41,44,45,48,49}, 



as follows: 

• A (13,4, 1)-BIBD (i.e., a projective plane of order 3) is a (13, {4})-PBD. 

• A (28,4, 1)-BIBD (see Example 7.27) is a (28, {4})-PBD. 

• A TD(4, 7) with a new point added to each group yields a (29, {4, 8 })-PBD 
(see Lemma 7.16). 

• A (41, {4,5, 9})-PBD exists by truncating four points from a group of a 
TD(5,9) (i.e., apply Lemma 7.2, noting that a TD(5,9) exists from Theo- 
rem 6.34). 

• A (44, {4, 5, 8 , 9})-PBD exists by truncating one point from a group of a 
TD(5, 9) and applying Lemma 7.2. 
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_£o 

48s 

48s + 1 : 
48s + 4 : 
48s + 5 : 
48s + 8 : 
48s + 9 : 
48s + 12 : 
48s + 13 : 
48s + 16 : 
48s + 17 : 
48s + 20 : 
48s + 21 : 
48s + 24 : 
48s + 25 : 
48s + 28 : 
48s + 29 : 
48s + 32 : 
48s + 33 : 
48s + 36 : 
48s + 37 : 
48s + 40 : 
48s + 41 : 
48s + 44 : 
48s + 45 : 



— 4 1 ii 

= 4 (12s - 
= 4 (12s - 
= 4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 
4 (12s + 



4) + 16, 
4) + 17, 
1 ), 

1 ) + 1 , 
1) +4, 
1) + 5, 
1 ) + 8 , 
1) + 9, 
4) 

4) + 1 

5) 

5) + 1 
5) +4 
5) +5 
5) +8, 
5) +9, 
8 ) 

8 ) + 1 
8) +4 
8) +5 
8 ) +8 
8) +9, 
8 ) + 12 , 
8) + 13, 



s > 2 
s > 2 
s > 1 
s > 1 
s > 1 
s > 1 
s > 1 
s > 1 



s > 1 
s > 1 



s > 1 
s > 1 
s > 1 



Table 7.1. Constructions for Truncated Transversal Designs 



• A TD(5, 9) yields a (45, {5, 9})-PBD (apply Lemma 7.15). 

• A TD(4, 12) yields a (48, {4, 12})-PBD (apply Lemma 7.15). 

• A TD(4, 12) with a new point added to each group yields a (49, {4, 13})- 
PBD (see Lemma 7.16). Since there is a (13, {4})-PBD (i.e., a (13,4,1)- 
BIBD), a (49, {4})-PBD exists by Lemma 7.10. 

If Vq £ S, then write Vq in the form Vq = 48s + j, where j = 0 or 1 (mod 4) 
and 0 < j <45. Then we construct a truncated transversal design by delet- 
ing t — u points from a group of a TD(5, t), where the values f and u are as 
indicated in Table 7.1. In each case, we have Vq = 4f + u, where f = 1,4, 5, or 
8 (mod 12), 0 < u < t, and h : 0 or 1 (mod 4). 

For these values of f and u, we can apply Lemma 7.2, noting that a 
TD(5, f) exists from Corollary 6.35. 

The pairwise balanced design that results is a ( Vo , {4, 5, 8, 9, 12, f, 2 (})-PBD 
where t = 0 or 1 (mod 4) and 4 < u < 17 or a (vq, {4, 5, 8, 9, 12, f})-PBD if 
22 = 0 or 1. By induction, we have that f £ B({4,5,8,9, 12}). If u = 13,16, 
or 17, then u £ B({4, 5}). In every case, it follows from Lemma 7.10 that 
Vo £ B({4, 5, 8,9, 12}), and the proof is complete. 

□ 




170 7 Pairwise Balanced Designs I 

Step 3 

Summarizing in a fashion similar to Step 3 in Section 7.3, the following exis- 
tence result concerning (v,4, l)-BIBDs can be proven. (The reader can fill in 
the details.) 

Theorem 7.31. There exists a (v, 4, 1)-BIBD if and only if v = 1 or 4 (mod 12) 
and v > 13. 



7.5 Kirkman Triple Systems 

We now turn our attention to resolvable (v, 3, 1 )-BI BDs. A resolvable (v, 3, 1 )- 
BIBD is known as a Kirkman triple system (of order v) in honor of the Rev. 
Thomas Kirkman, who posed the problem of constructing resolvable (v, 3, 1)- 
BIBDs in the mid-nineteenth century. The case v = 15 came to be known as 
the "15 schoolgirls problem", and several solutions were found. However, 
for general v, the problem remained unsolved for over 100 years. 

A resolvable (v,3, 1)-BIBD will be denoted a KTS(z'). Using PBD tech- 
niques, we will give a complete proof that a KTS(zz) exists for all integers 
v = 3 (mod 6), v > 9. First, we need to prove a variation of Theorem 7.20 that 
pertains to resolvable BIBDs. This theorem will make use of group-divisible 
designs that satisfy certain resolvability properties that we define now. 

Definition 7.32. Suppose that (X, Q, B) is a group-divisible design. Let G € Q. A 
holey parallel class ivith hole G is a subset of blocks Bo C B that partitions X\G. 

Nozv suppose that ( X,Q,B ) is a group-divisible design ivith r groups of size 
k — 1 and blocks of size k. Denote the groups as G\, . . . , G r . Suppose there exist r 
holey parallel classes, say T \\, . . . , Tl r , that satisfy the following properties. 

1. For 1 < i < r, n, is a holey parallel class ivith hole G t . 

2. Every block B & Bis in exactly one of the n,s. 

Then (X, Q, B) is said to be a k- frame on r holes. 

Lemma 7.33. There exists a resolvable (v,k, 1)-BIBD if and only if there exists a 
k-frame on r holes, where r = (v — l)/{k — 1). 

Proof. Let ni,...,n r be the parallel classes of a resolvable (v,k, 1 )-BIBD, 
where r = (v — l)/(k — 1). Choose any point x, and form groups and blocks 
of a group-divisible design as in the proof of Lemma 7.18. We need to show 
that the set of blocks of this group-divisible design can be partitioned into 
holey parallel classes. For 1 < i < r, there is a unique block B, £ FT, such 
that x € B,. Define the zth group to be C, = B ; \{x}, and define the zth holey 
parallel class to be n' = n i \{B i }. The result is easily seen to be a k-frame on 
r holes. 

The converse is proven by adding a new point to each group, as in The- 
orem 7.18. A parallel class of the resulting BIBD is just a parallel class of the 
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frame, together with its corresponding hole, augmented with the new point. 

□ 



Example 7.34. The following KTS(9) was presented in Example 1.4: 
X = {1,2,3,4,5,6,7,8,9}, and 

A = {123, 456, 789, 147, 258, 369, 159, 267, 348, 168, 249, 357} . 
The parallel classes are 



n x = {123,456,789}, 
n 2 = {147,258,369}, 
n 3 = {159,267,348}, and 
n 4 = {168,249,357}. 



Take x = 1 in Lemma 7.33, and construct a 3-frame with four holes. The 
holes are 23, 47, 59, and 68, and the corresponding holey parallel classes are 
(respectively) 



n{ = {456, 789}, 

Y1' 2 = {258,369}, 

= {267,348}, and 
n} = {249,357}. 



We now prove an analogue of Theorem 7.20 for resolvable BIBDs. 
Theorem 7.35. Suppose k > 2, and define 

R{ = {r : there exists a resolvable ( r(k — 1) + 1 ,k, 1)-BIBD}. 

Then R£ is PBD-closed. 

Proof. Let (X, A) be any (v, _R{)-PBD. We will show that there exists a re- 
solvable (v(k — 1) + l,k, 1) -BIB D. The BIBD can be constructed exactly in the 
proof of Theorem 7.20, so our main task is to show that this BIBD is resolv- 
able. 

Lor every block A £ A, there exists a resolvable (\A\(k — 1) + l,k, 1)- 
BIBD. By Lemma 7.33, this BIBD is equivalent to a /(-frame on |A| holes. We 
can construct this group-divisible design on point set A x I such that the 
groups are {x} x I, x € A, where \I\ = k - 1. Lor all x <E A, let Ha, x denote 
the holey parallel class with hole {x} x I. 

By Theorem 7.20, we obtain a group-divisible design on point set Y = 
X x I in which the groups are { { x } x l : x € X} and where the blocks all 
have size k. Lor all x £ X, define 




172 7 Pairwise Balanced Designs I 



n* — n ArX . 

{AeA:xeA} 

It is not hard to see that Tl x is a holey parallel class with hole { x } x I. It 
is also straightforward to see that each block of the group-divisible design 
occurs in exactly one of the TI/s. Therefore we have constructed a k- frame 
on v holes. Applying Lemma 7.33, we have a resolvable (v(k — 1) + l,k,l)- 
B I B D, as desired. □ 

As mentioned earlier, the necessary numerical conditions for the exis- 
tence of a KTS(p) are that v = 3 (mod 6). Defining r = (v — l)/2, this can be 
restated as r = 1 (mod 3). Therefore we have that 

R3 C {n > 4 : n = 1 (mod 3)}. 

We will give a proof in this section that R3 = {n > 4 : n = 1 (mod 3)}. We 
employ a three-step strategy similar to the one used in previous sections. 



Step 1 

We begin with a direct construction for an infinite class of Kirkman triple 
systems. 

Lemma 7.36. If q = 1 (mod 6) is a prime power, then there exists a KTS(2^ + 1). 

Proof. Let q = 6t + 1 and let a. £ be a primitive element. Let 6 = fct f + 
1)2 -1 . Now define X = (F^ x {1,2}) U {00}. Start with the following set of 
blocks, which is in fact a parallel class: 

n 0 = {{~, (0,1), (0,2)}} 

U {{(a 1- , 1), (« !+f , 1), {6ec\ 2)} : 0 < i < t - 1} 

U {{(«*, 1), (a !+f , 1), (0a ! ,2)} : 2t < i < 3t - 1} 

U {{(a 1 , 1), (a !+f , 1), (0a ! ,2)} : 4t < i < 5t - 1} 

U {{($a !+f , 2), (6a i+3t ,2), (0a !+5t , 2)} : 0 < i < t - 1}. 

The other parallel classes are obtained by developing this base class through 
It can be shown that the resulting design is a KTS(2^ + 1). □ 

Example 7.37. A KTS(15). a = 3 is a primitive element in Z 7, and then we 
compute 9 = (3 + 1)2 -1 = 2. Then 



n n = 



{00, (0, 1), (0,2)}, {(1, 1), (3, 1), (2,2)}, {(2, 1), (6, 1), (4,2)}, 
{(4,1), (5,1), (1,2)}, {(6,2), (5,2), (3,2)} 



I 
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Lemma 7.38. There exist KTS (v) for v £ {9,15,21,39}; hence {4,7,10,19} C 

R 3- 

Proof. An affine plane of order 3 is a KTS(9). KTS(15) and KTS(39) are spe- 
cial cases of Lemma 7.36. We construct a KTS(21) now. Let X = Z7 x Z3. 
First, define 

f { (0, 0), (0, 1), (0, 2)}, { (3, 0), (6, 0), (5, 0)}, { (3, 1), (6, 1), (5, 1 )}, ) 
n 0 = < { (3, 2), (6, 2), (5, 2)}, { (2, 0), (4, 1), (1, 2)}, { (2, 1), (4, 2), (1, 0)}, 

1 {(2/2), (4,0), (1, 1)} J 

and define FI; = (i, 0) + Flo for i £ Z7. Next, define 

f {(3,0), (6, 1), (5,2)}, {(4,0), (0, 1), (6,2)}, {(5, 1), (1,2), (0,0)}, } 

T 0 = ^ {(6,2), (2,0), (1, 1)}, {(0,0), (3,1), (2,2)}, {(1,0), (4,1), (3,2)}, } , 

1 {(2/ 1)/ (5,2), (4,0)} J 

and define T j = (0 ,/) + Tq for j G Z3. The ten sets IT, ( i G Z 7) and T j 
(j G Z3) are the parallel classes of a resolvable (21,3, 1)-BIBD. □ 

Step 2 

The second step is to construct (v, {4, 7, 10, 19})-PBDs for all v = 1 (mod 3). 
In order to do this, we will make use of a powerful recursive construction for 
group-divisible designs known as "Wilson's construction for GDDs". 

Theorem 7.39 (Wilson's Construction for GDDs). Suppose that (X, Q, A) is 

a group-divisible design. Let zv be a positive integer and let I be a set of size zv. 
Suppose that K C {n G Z : n > 2} and, for every A £ A, suppose that there is a 
group-divisible design having |A| groups of size zv and all block sizes in K, say 

(A x !,{{x} x I : x G A},Ba). 



Define 



Y = X x I, 

H = {G x I : G G G}, and 

b={Jb a . 

AeA 

Then (Y,TL,B) is a group-divisible design such that |B| G K for all B G B. 

Proof. Clearly \B\ G K for all B £ B, so we just need to verify that (‘ Y,H,B ) 
is a group-divisible design. Take two points from different groups, say ( x , i) 
and (y,j), where x f y. There is a unique block A £ A such that x,y £ A. 
Then there is a unique block B G B A such that (x, z), ( y,j ) £ B. □ 
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We have already used a form of Theorem 7.39 in the proof of Theorem 
7.20, where the main step in the construction can be viewed as an application 
of Wilson's construction in which w = k — 1. 

We will make essential use of the following corollary of Theorem 7.39, 
which provides constructions for group-divisible designs having blocks of 
size 4. 

Corollary 7.40. Suppose there is a TD(5, f) and 0 < u < t. Then there exists a 
group-divisible design on 3(4 1 + u) points, having four groups of size 3 1 and one 
group of size 3 u and blocks of size four. 

Proof. First, construct a truncated transversal design having four groups of 
size t and one group of size u and blocks of sizes four and five. Then, apply 
Theorem 7.39 with w = 3 and K = {4}. We require group-divisible designs 
with four and five groups of size three and blocks of size four. These are 
obtained from (13,4,1)- and (16, 4, l)-BIBDs by applying Lemma 7.18. The 
result follows. □ 

We now construct the necessary ( v , {4, 7, 10, 19})-PBDs. We do this in sev- 
eral steps. 

Lemma 7.41. Suppose n > 0 is an integer such that 

n ef T= {0,1, 2, 3, 6, 7,.. ., 19,26,27,36,37, . ..,43,66,67}. 

Then there exists a (3 n + 1, {3f + 1,3 u + 1,4})-PBD for some integers t, u > 0. 

Proof. Write n = 24nz + j, where 4 <j< 27 (this can be done uniquely). If 
4 < j < 19, then take t = 6m + 1 and u = j — 4; if 20 < j < 27, then take t = 
6m + 5 and u = j — 20. In each case, we have that n = At + u, and a TD(5, t) 
exists by Theorem 6.34 since gcd(f, 2) = gcd(f, 3) = 1. It is straightforward 
to verify that t > u if and only if n f T. Therefore, it follows from Corollary 
7.40 that, if n f T, then there is a group-divisible design on 3 n points, which 
has four groups of size 3 1 and one group of size 3 u and blocks of size four. 
Applying Lemma 7.16, we see that there is a (3 n + 1, {3t + 1,3 u + 1,4})-PBD 
for these values of n. □ 

Lemma 7.42. Suppose that 

n G {16,17,18, 19,36,37,. ..,43,66,67}. 

Then there exists a (3 n + 1, {3 1 + 1, 3 it + 1,4})-PBD for some integers t, u > 0. 

Proof. For 16 < n < 19, take t = 4; for 36 < n < 43, take t = 9; and for 
n = 66, 67, take t = 16. Let u = n — 4 1. In each case, we have that n =4 1 + u, 
where 0 < u < t, and a TD(5, t) exists by Theorem 6.34. Then, proceed as in 
the proof of Lemma 7.41. □ 
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Lemma 7.43. Suppose that 



n G {6,... ,15, 26, 27}. 

Then there exists a (3 n + 1, {4, 7, 10})-PBD. 

Proof. For n = 8, 9, 12, 13, there is a (3 n + 1,4, 1)-BIBD by Theorem 7.30. 

For n = 7, 10, start with resolvable (2 n + 1,3, l)-BIBDs, which exist by 
Lemma 7.38. Then apply Lemma 7.3. 

For n = 15, 27, start with in + 1, 4, 1 )-BI BDs, which exist by Theorem 7.30. 
Apply Lemma 7.18 to obtain a group-divisible design with n / 3 groups of size 
three and blocks of size four. Then apply Theorem 7.39 with zv = 3, using as 
ingredients group-divisible designs with four groups of size three and blocks 
of size four (these arise from (13,4, l)-BIBDs using Theorem 7.30). The result 
is a group-divisible design with n/3 groups of size nine and blocks of size 
four. Then apply Lemma 7.16 to obtain (3 n + 1, {4, 10})-PBDs. 

The cases n = 14, 26 are done in a similar fashion. We begin with group- 
divisible designs having n/2 groups of size two and blocks of size four, 
which are presented in Examples 7.44 and 7.45, respectively. Then proceed 
exactly as in the cases n = 15, 27, obtaining group-divisible designs with n / 2 
groups of size six and blocks of size four. Then apply Lemma 7.16 to obtain 
(3w + l,{4,7})-PBDs. 

The final case is n = 11. A (34, {4, 7})-PBD is constructed in Example 
7.46. □ 

Example 7.44. A group-divisible design (X, Q, A) having seven groups of size 
two and blocks of size four. X = Z 14 , 

Q = {{0,7}, {1,8},... ,{6,13}}, 



and 

A = { {0, 2, 5, 6 } + i : i G Z 44 } ■ 

I 

Example 7.45. A group-divisible design (X, Q, A) having 13 groups of size 
two and blocks of size four. X = Z 2 6 , 

Q = {{0,13}, {1,14} {12,25}}, 



and 

-4 = {{0, 6 , 8,9} + i, {0,4, 11, 16} + i , : i G Z 26 }. 

I 

Example 7.46. A (34, {4, 7})-PBD. Define X = Z 9 x Z 3 , and define the follow- 
ing four sets of blocks of sizes three and four: 
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A 1 = {{(0,0), (2, 1), (2,2), (3,2)} + (z, j) : (i,j) G Z 9 x Z 3 } 

A 2 = {{(0,0), (3,1), (5,1)}+ (i,j) : ( i,j ) G Z 9 x Z 3 } 

= {{(0,0), (4,1), (8,1)}+ (i,j) : (i i,j ) G Z 9 x Z 3 } 

A 4 = {{(0,0), (3,0), (6,0)} +(»,/) :i = 0,1,2,; G Z 3 }. 

It is not hard to check that (X, xti U A 2 U*4 3 U Af) is a (27, {3,4})-PBD. Now, 
M 4 is a parallel class, and it is not difficult to show that each of A 2 and xl 3 can 
be partitioned into three parallel classes. We obtain a total of seven parallel 
classes, which we name n,, i = 1, . . . , 7. Adjoin a new point 00 , to each block 
in n,-, for 1 < i < 7, and denote the modified parallel classes as Id', i = 
1 ,7. Then create a new block of size seven, namely Q = {004 . . . , 007 }. It 
is clear that (Y, B) is a (34, {4, 7})-PBD, where Y = XUfi and 

B = Ai\J (|J n-) um. 



I 

Theorem 7.47. There exists a (v, {4, 7, 10, 19})-PBD/or all v = 1 (mod 3), v > 
4. 

Proof. The proof is by induction on v. Clearly there exists a (z>, {4, 7, 10, 19})- 
PBD if v G {4, 7, 10, 19}. Denote n = (v - l)/3. If n G T\{4, 7, 10, 19}, then 
apply Lemma 7.42 or 7.43 to obtain the desired pairwise balanced design. If 
n £ T, then apply Lemma 7.41 to obtain a (3 n + 1, {3 1 + 1,3;; + 1,4})-PBD 
for some integers t > 1, u > 0. By induction, 3 1 + l,3u + 1 G B({4, 7, 10, 19}) 
(or 3u + 1 = 1), so it follows from Lemma 7.10 that v G B({4, 7, 10, 19}) 
by ignoring blocks of size one if they are present. By induction, the proof is 
complete. 

□ 



Step 3 

Summarizing, here is the main existence result concerning Kirkman triple 
systems. 

Theorem 7.48. There exists a KTS(z;) if and only ifv = 3 (mod 6 ) and v >9. 

Proof. We have already discussed the necessary conditions. Sufficiency fol- 
lows from Theorem 7.35, Lemma 7.38, and Theorem 7.47. □ 



7.6 Notes and References 

Much recent information on pairwise balanced designs can be found in Sec- 
tion III of "The CRC Handbook of Combinatorial Designs" [27]. 
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Haim Hanani was a pioneer in the use of pairwise balanced designs and 
their application to the construction of PBDs. Theorem 7.31 was proven by 
Hanani in [57]. 

Frames were first defined formally in Stinson [102], although the use of 
these objects is implicit in earlier work of Hanani. Furino, Miao, and Yin 
[46] is a monograph on frames and their application to the construction of 
resolvable designs. 

Wilson wrote a series of three important papers [118, 119, 123] in which 
he proved that the necessary numerical conditions for existence of a (v, K)- 
PBD (Lemma 7.7) are asymptotically sufficient (i.e., the necessary conditions 
are sufficient for v > c«, where Ck is a constant depending on K). Theorem 
7.39 is from Wilson [122], and Theorem 7.48 is due to Ray-Chaudhuri and 
Wilson [84], 



7.7 Exercises 

7.1 Describe how to construct the following PBDs. 

(a) a (31, {4, 10})-PBD. 

(b) a (31, {3, 15})-PBD. 

(c) a (31, {3,5})-PBD. 

(d) a (31, {3, 11})-PBD. 

(e) a (36, {5, 8})-PBD. 

(f) a (36, {4, 9})-PBD. 

(g) a (36, {3,4})-PBD. 

(h) a (33, {4, 5, 7})-PBD. 

(i) a (49, {4, 5,9})-PBD. 

(j) a (49, {6, 9})-PBD. 

(k) a (49, {3,6})-PBD. 

7.2 Suppose that a TD (k,t) exists, and let 2 < u < k. Prove that a (k(t — 
1) + u, {k,k — 1 ,t,t— 1, 2*})-PBD exists. 

Hint: Delete points from a block of the given transversal design. 

7.3 U sing the facts that R3 is PBD-closed, 3 € R3, and a(9,3,l)-BIBD exists, 
construct a (19, 3, 1 )-BI BD. 

7.4 Given any ( v , 3, 1 )-BI BD, say (X, A), describe how to construct a ( 2v + 
1, 3, 1)-BIBD, say (Y,£>), where X C Y and AC B. 

7.5 Suppose there is a GDD, say (X, Q, A), such that all blocks have size k 
and all groups have size m. Denote |X| = v. Prove that the following 
hold: 

(a) v = 0 (mod m), 

(b) v > mk, 

(c) v — m = 0 (mod k — 1), and 

(d) v(v — m) = 0 (mod k 1 —k). 
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7.6 A GDD is resolvable if the set of blocks of the GDD can be partitioned 
into parallel classes. Prove that every group in a resolvable GDD has 
the same size. 

7.7 Use any method you wish to construct a (15,3, 1)-BIBD, and then con- 
struct a 3-frame on seven holes from this BIBD. 

7.8 (a) Prove that 6 g B({3,4}). 

(b) Prove that B ({3, 4}) C {n > 3 : n = 0, 1 (mod 3)}. 

(c) Give a complete proof that 

B({3,4}) = {n > 3 : n = 0, 1 (mod 3 ),n ^ 6}. 

7.9 Let K — {3, 4, 5, 6, 8}. Assume that there exists a (v, fC)-PBD for all 3 < 
v < 25. Then use (truncated) transversal designs and induction to give 
a complete proof that there exists a ( v , fC)-PBD for all v > 3. 

Hint: Use the fact that a TD(4, n) exists for all positive integers n / 2, 6. 

7.10 (a) A GRS(zz, 2, 1), say P, is standardized if there exists a special sym- 

bol, say oo, such that oo occurs in the cells on the main diagonal 
of R. Prove that any GRSfz', 2, 1) can be transformed into a stan- 
dardized GRS(z;,2, 1) by means of an appropriate permutation 
of the columns of R. 

(b) Define S = {v — 1 : a standardized GRSfz', 2, 1 ) exists}. Prove 
that S is PBD-closed. 




8 



Pairwise Balanced Designs II: Minimal Designs 



In the previous chapter, we studied constructions of pairwise balanced de- 
signs whose block sizes are required to be elements of a specified set of inte- 
gers. In this chapter, we consider the problem of determining the minimum 
number of blocks in pairwise balanced designs in which the maximum size 
of a block is specified or in which the size of a particular block is specified. 

For a pairwise balanced design, (X, A), we will generally denote b = \A\ 
(i.e., b is the number of blocks in the PBD). 



8.1 The Stanton-Kalbfleisch Bound 

Theorem 8.1 (Stanton-Kalbfleisch Bound). Let k and v be integers such that 
2 < k < v. Suppose there is a (v, {2, . . . , v — 1})-PBD in ivhich there exists a block 
containing exactly k points. Then 



b > SK (k,v) = 1 + 



k 2 (v — k) 
v — 1 



Proof. Suppose that (X, .4) is a (v, {2, . . . , v — 1})-PBD such that A € A is 
a block containing exactly k points. Denote the blocks of A by A \, . . . , A b , 
where A\, = A. 

Now construct a set system (Y, B ) by deleting all the points in the block 
A], as follows: 



Y = X\A b , 

Bj = Aj\A b , 1 < i < b — 1, and 
B = {Bi : 1 < i <b- 1}. 

(Y, B) is a set system with v — k points and b — 1 blocks in which every pair 
of points occurs in a unique block. (This set system may contain blocks of 
size one, so it need not be a PBD.) 
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For 1 < i < b — 1, denote k\ = |B,-|. Note that kj = |A,| or k; = |A;| — 1 for 
1 < i < b — 1. Furthermore, k t = |A,-| — 1 if and only if A/ intersects A/, in a 
point. 

Denote the points in Y by i/ ; , 1 < j < v — k. For 1 < j < v — k, define 
Tj = { Bj G B : i/j £ B/}|. Then a straightforward generalization of Theorem 
1.8 shows that 

b — 1 v—k 

(s- 1 ) 

»‘=i ;=i 

Now, in the pairwise balanced design (X, A), every point yy must occur 
in a unique block with each of the points in Aj,. Flence r ( > k for all /', 1 < / < 
v — k. Substituting into (8.1), it follows that 

6-1 

J^ki>k(v-k). (8.2) 

! = 1 



Every pair of points in Y occurs in exactly one of the B/'s, so it follows that 



J2 k i( k i- 1) = (v-k)(v-k- 1). 
! = 1 

Denote the mean of the integers k \, . . . , to be 




(8.3) 



(8.4) 



Now we study the quantity 



s = Ete-*) 2 - 

i=i 

We can use equations (8.3) and (8.4) to derive a formula for S: 

S = fc £k ; 2 -2k£k ; +(fc-l)(k) 2 

i=l i=i 

= E - !) - (2fc - 1) E fci + (fc - i)(fc) 2 
1=1 1=1 

= (o - fc)(p - k - 1) - (2k- 1 )(b - l)(k) + (b - l)(k) 2 
= (z; — k)(v — k — 1) — (b — 1 )k(k — 1). 

Also, we observe that S is a sum of nonnegative terms, so clearly S > 0. 
Therefore we have that 

0 < (p - k)(v - k - 1) - (b - 1 )k(k - 1). (8.5) 




8.1 The Stanton-Kalbfleisch Bound 181 



We have that k > 1 because k, > 1 for all i, and hence, from (8.2), we have 
that 

'k{v — k)\f k( v - k) 



b- 1 



k(k — 1) > 

Substituting into (8.5), we obtain 

0 < (v — k)(v — k — 1) — (b — 1) 



b- 1 



-1 



/ k( v — k)\/ k(v - k) 

V b - 1 y ^ fc-i 



-i . 



Dividing by a factor of v — k and simplifying, we obtain 

k 



0 < v — k— 1 — 



fe -1 



(k(v-k) - (fe-1)) 



= z; — t — 



1 _ k 2 (v - k) 



Hence, 



b- 1 



> 1 + 



A: 2 (z? — fc) 
o — l 



When 2 < k < V — 2, the case of equality in the bound above can be 
characterized in a very nice way. We prove the following theorem. 

Theorem 8.2. Suppose that k and v are integers such that 2 < k < v — 2. Then 
there is a (v, {2,...,v — 1})-PBD with SK (k, v) blocks and having a block contain- 
ing exactly k points if and only if there is a resolvable (v — k,(v — 1 )/k, 1)-BIBD. 

Proof. Suppose there is a (v, {2, 1})-PBD with SK(fc, v) blocks and 

having a block containing exactly k points. We use the same notation as in 
the proof of Theorem 8.1. Since all inequalities in the proof of Theorem 8.1 
must be equalities, the following conditions hold: 

• b — 1_= k 2 (v — k)/(v - 1), 

• ki = k = k( v — k)/(b — 1) for 1 < i < b — 1, and 

• j- • = k for 1 < j < v — k. 

These conditions imply that k(v — k)/(b — 1) = (v — l)/k. Because v > k + 1, 
it follows that v — k > (v — T)/k > 1, and therefore the set system (Y, B) is a 
(v — k,(v — l)/k,l)-BIBD. 

We now show that (Y, B) is resolvable. For each point x G A b , let A(x) 
denote the blocks in A that contain the point x, and let B(x) denote the cor- 
responding blocks in B (obtained by deleting x from each block in A(x)). It 
is obvious that each set of blocks B(x) is a parallel class. Furthermore, every 
block in B is in exactly one of these k = r parallel classes (if there were a block 
B, in B that is not in one of these parallel classes, then each point in B, would 
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occur in more than r blocks, a contradiction). Therefore we have a resolution 
of (Y,B). 

Conversely, suppose (' Y,B ) is a resolvable (v — k, (v — l)/k, 1)-BIBD for 
some integers v and k such that 2 < k < 0-2. This BIBD is a (v',b',r',k',l)- 
BIBD, where 



v' = v — k, 



r' = k, and 
y = k 2 (v-k ) 
o — l 

If we apply Lemma 7.3, then we obtain a (o' + r', {k 1 + 1, r'})-PBD having 
b' + 1 blocks, where r' = (o' — 1)/ (k' — 1). This pairwise balanced design has 
o points, SK(k, o) blocks, and a block of size k, as desired. □ 

For o > 4, a near-pencil is a (o, {2, o — 1})-PBD, say (X, A), in which A 
contains one block of size o — 1 and o — 1 blocks of size two. A near-pencil 
on three points contains three blocks of size two. For all integers o > 4, a 
near-pencil on o points exists, and it has o = SK(o — 1, o) blocks. 

Given a near-pencil, the set system ( Y ,B ) (constructed in the proof of 
Theorem 8.2) would have one point and blocks of size one. It is not a BIBD, 
which is why we required that v > k + 2 in Theorem 8.2. 

Definition 8.3. Let g k (v) denote the minimum number of blocks in any (v,K, 1)- 
PBD in zvhich the largest block has size equal to k. 



Define the function 



C (k,v) = 



2 

V A — V 



k 2 -k' 

Then we have the following upper bound on g k (v). 

Theorem 8.4. 

g k (v) > max{C(k, o),SK(k, z;)} . 



Proof. Suppose that (X, .4) is a pairwise balanced design on v points, having 
b blocks and such that the largest block has size k. First, Theorem 8.1 shows 
that b > SK (k,v). Second, it is a simple matter to see that b > C(k, v) because 
every block in A contains at most ( ! f) pairs and all the blocks together contain 
( 2 ) pairs. Finally, because b > SK (k, v) and b > C (k, v), it follows that b must 
be at least as big as the maximum of these two numbers. □ 
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8.1.1 The Erdos-de Bruijn Theorem 

We next state and prove a famous theorem, due to Erdos and de Bruijn, that 
characterizes the nontrivial pairwise balanced designs with A = 1 having the 
minimum possible number of blocks. 

Theorem 8.5 (Erdos-de Bruijn Theorem). Let (X, A) be a (v, {2, . . . , v — 1})- 
PBD, and suppose that the number of blocks in the PBD is denoted by b. Then b > v. 
Furthermore, b = v if and only if (X, A) is a projective plane or a near-pencil. 

Proof. Let k be the size of the largest block in (X, A). If k 2 — k + 1 < v, then 
k(k — 1) <17 — 1, and hence 



C (k,v) 



v{v — 1) v{v — l) 
k(k — 1) > v — 1 



In this case. Theorem 8.4 implies that b > v. Therefore we can assume that 

k 2 — k + 1 > v > k + 1. 

Now, let us consider the conditions under which SK (k, v) < v: 




SK (k,v) < v 
k 2 {v-k) < (v — l) 2 
v 2 - (k 2 + 2)v + k 3 + 1 > 0 
(v - (k + 1 )) (v - (k 2 - k + 1)) > 0. 



( 8 . 6 ) 



Given that k 2 — k + 1 > v > k + 1, the inequality (8.6) holds if and only if 
v = k + 1 or v = k 2 — k + 1. In other words, for k 2 — k + 1 > v > k + 1, 
SK (k, v) > v, and SK (k, v) = v only iiv = k + lorv=k 2 — k + 1. We further 
consider these two possible cases as follows: 

1. If v = k + 1 and b = v, then (X, A) is a near-pencil. Conversely, if (X, A) 
is a near-pencil, then b = v. 

2. Suppose v = k 2 — k + 1 and b = v. If k = 2, then v = 3 and we have a near- 
pencil. Therefore we can assume that k > 3, and we will show that (X, A) 
is a projective plane of order k — 1 as follows. Theorem 8.2 implies that 
the design obtained by deleting a block of size k is a (v — k, (v — l)/k, 1)- 
BIBD. This design is a (( k — 1 ) 2 ,k — 1,1)-BIBD; i.e., an affine plane of 
order k — 1. Therefore (X, A) is a projective plane of order k — 1. Con- 
versely, if (X, A) is a projective plane of order k — 1, then it has a longest 
block of size k, and b = v. 



This completes the proof. 



□ 



The proof of Theorem 8.5 was algebraic. It is possible to give a proof 
of this result that is more analytic in nature. We illustrate this approach by 
graphing the function max {C(k, v), SK(k, u)} when f = 21 in Figure 8.1. This 
function is graphed for real values of k ranging from 2 to 20. 

Several observations may be made from this graph that can then be gen- 
eralized to arbitrary v. We list these observations now. 
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Fig. 8.1. Lower Bounds on g k ( 21) for 2 < k < 20 



Lemma 8.6. Suppose that k and v are real numbers such that 2 < k < v — 1. Then 
the following hold. 

1. If k 2 — k + 1 < v, then C(k,v) > SK (k,v); and if k 2 — k + 1 > v, then 
C(k,v) < SK(fc, v). 

2. When k 2 — k + 1 = v (i.e., when k = (—1 + \/4v — 3)/2, it holds that 

= SKlk.v) = v. 

3. For k >2, v(v — 1)/ ( k(k — 1)) is a decreasing function ofk. 

4. For 2 < k < v — 1, SK (k,v) attains its maximum when k = 2v/3; SK (k,v) is 
an increasing function ofk when 2 < k < 2v/3; and SK (k,v) is a decreasing 
function ofk when 2v/3<k<v — 1. 

5. SK(z; - l,v) = v. 

These properties are sufficient to give an alternate proof of Theorem 8.5; 
we leave the details of this proof (and the proofs of the above-mentioned 
properties) to the reader. 
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8.2 Improved Bounds 



A strengthening of the Stanton-Kalbfleisch bound was given by Stinson. We 
prove this result now. 

Theorem 8.7 (Stinson Bound). Let k and v be integers such that 2 < k < v. 
Suppose there is a (v,{2, . . . ,v — 1})-PBD in which there exists a block containing 
exactly k points. For any integer t, define 



f(t r k,v) 



1 + (v-k) 



k(2t + 1) — (p — 1) 
t 2 + t 



Then b > f(t,k,v). 

Proof. We use the same notation as in the proof of Theorem 8.1. The proof is 
again based on (8.2) and (8.3). Let t be an integer and consider the quantity 



S = 



E(*i-0(*«-(f+i)). 



i=l 



We use equations (8.2) and (8.3) to derive an upper bound on S: 



S = £ k 2 - (2t + 1) £ ki + (b - 1) (f 2 + t) 

i=\ i = 1 



6- 1 



6-1 



= 'Ek i (k i -l)-2t£k i + (b-l)(t 2 + t) 

i = 1 i = 1 



< (v — k)(v — k — 1) — 2 tk(v — k) + (b — l)(t 2 + t). 



S is a sum of nonnegative terms, so clearly S > 0. Therefore we have that 

0 < (v — k)(v — k — 1) — 2tk(v — k) + (b — l)(t 2 + t). (8.7) 



Rearranging (8.7), the desired bound is obtained. □ 

Theorem 8.8. Let t, k, and v be integers such that 2 < k < v. Then the function 
f(t,k,v) is maximized when t = Lt^J- 

Proof. We compute 



f(t,k,v) - f(t - 1 ,k,v) 

'k(2t + l)-(v-l) k(2t - 1) - (v - 1) 



= (v-k) 
' v — k 

T~ 



t(t + 1) f(f-l) 

Jfc(2f + 1) - (v-l) k(2t — 1) — (u — 1) 



t + 1 



t - 1 



It therefore follows that 
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f(t, k,v) > f(t - 1 ,k,v) 
k(2t + 1) - (p - 1) ^ k(2t - 1) - (p - 1) 
t + 1 “ t - 1 

(k(2t + 1) - (p - l))(f - 1) > (k(2t - 1) - (p - l))(f + 1) 

(p - l)(2f + 1 - (2f - 1)) > fc((2f - l)(f + 1) - (2f + l)(f - 1)) 
2(p — 1) > 2 tk 



Because f is an integer, it follows that f(t, k, v) is maximized when t = | . 

□ 



For future reference, define St (k,v) = 

Theorem 8.9. St(fc, p) > SK(k,v) for all integers k and v such that 2 < k < v. 
Furthermore, St (k,v) = SK (k,v) if and only ifv — 1 = 0 (mod k). 

Proof. We consider the conditions under which /(f, k, v) > SK(A:, v). We have 
that 



f(t,k,v) > SK (k,v) 

k(2t + 1) — (v — 1) A: 2 

f 2 + t ~ v -l 

k 2 (t 2 + t) < (v - l)(A(2f + 1 ) - {v - 1)) 
(. k(t + 1 ) - (p - 1 ))(kt - (p - 1 )) < 0 

v — 1 p — 1 

— 1 < t < 



This last inequality is satisfied when t = anc ^ therefore it follows that 

St(jfc,p) > SK(k, v). It is also easy to see that St (k, v) = SK(A, p) if and only if 
(p — 1 ) /k is an integer. □ 



We can prove yet another bound based on the same inequalities. This 
bound is a strengthening of the inequality b > C(k, v), which applies when 
the longest block has size k (this inequality was derived in the proof of The- 
orem 8.4). 



Theorem 8.10. Let k and v be integers such that 2 < k < v. Suppose there is a 
(p, {2, . . . , p — 1})-PBD in ivhich the largest block contains exactly k points. Then 



b > C*(k,v) = 



(2 (k 



- 1 ) 



V — l 

, k ~ l , 
k 2 -k 



— (p — 1 
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Proof. Let (X, A) be the hypothesized PBD. Denote the blocks A\,...,A 
and define kj = |A/|, for 1 < i < b. Let the points be denoted x\, . . . ,x v , and 
define r, = |{i : Xj <E Aj}\ for i <j<v. 

Using the fact that all blocks have size at most k, it is easily seen that 
Tj > (v — l)/(k — 1), 1 < j < v. Every r ; is an integer, so 



T i - k- 1 



Therefore we have the inequality 

b 

E fc i> 



Every pair of points occurs in exactly one block, so it follows that 



1) =v(v-l). 



Now, consider the quantity 



S=Y J ( k i-(k-l))(k i -k). 



Proceeding as in the proof of Theorem 8.7, we use equations (8.8) and (8.9), 
and the fact that S > 0, to derive an upper bound on S: 

b b 

S = E ki 2 - {2k - 1) E ki + b{k 2 - k) 

j=l i = 1 

= Ek ; (k,-l)-(2k-2)Ek ! + Kk 2 -k) 

1=1 ! = 1 

< v{v — 1) — 2{k ~ l)v ^ ^ +b{k 2 -k). 

This yields the desired bound on b. □ 

Theorem 8.11. C *{k,v) > C (k,v) for all integers k and v such that 2 < k < v. 
Furthermore, C *{k,v) = C (k,v) if and only ifv — 1 = 0 (mod k — 1). 

Proof. 

C(k,v) > C(k,v) 

v (2{k — 1 ) yzj - {v - 1 )) ^ v 2 _ v 

k 2 -k - k 2 -k 



2{k — 1) 



- (v - 1) > v — 1 



v — 1 ] ^ v — \ 

k- 1 - fc — 1* 
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This last inequality is true for all v and k, and equality holds if and only if 
(v — 1) / (k — 1) is an integer. □ 

8.2.1 Some Examples 

We illustrate the application of the bounds above in determining values g k (v) 
for small k and v. To be specific. Table 8.1 is a table of values of g k ( v) for 3 < 
v <9. For each v, we look at all integers k such that 2 < k < v — 1. We tabulate 
the values of the four lower bounds SK (k,v), St (k,v), C(k,v),and C *(k,v). (It 
is of course unnecessary to include the values of SK (k, v) and C (7c, v) because 
we have proven that St (k,v) > SK(k, v) and C *(k,v) > C (k,v). We include 
all four values mainly for the purposes of illustration so that the bounds can 
easily be compared.) We also include the exact value of g k (v). 



k v SK 


St 


C 


c* 


g k (v) 


2 3 3 


3 


3 


3 


3 


2 4 11/3 


4 


6 


6 


6 


3 4 4 


4 


2 


10/3 


4 


2 5 4 


4 


10 


10 


10 


3 5 11/2 


6 


10/3 


10/3 


6 


4 5 5 


5 


5/3 


10/3 


5 


2 6 21/5 13/3 


15 


15 


15 


3 6 32/5 


7 


5 


7 


7 


4 6 37/5 


8 


5/2 


7/2 


8 


5 6 6 


6 


3/2 33/10 


6 


2 7 13/3 13/3 


21 


21 


21 


3 7 7 


7 


7 


7 


7 


4 7 9 


10 


7/2 


7/2 


10 


5 7 28/3 


10 21/10 


7/2 


10 


6 7 7 


7 


7/5 49/15 


7 


2 8 31/7 


9/2 


28 


28 


28 


3 8 52/7 23/3 


28/3 


12 


12 


4 8 71/7 


11 


14/3 


22/3 


11 


5 8 82/7 


13 


14/5 


18/5 


13 


6 8 79/7 


12 28/15 52/15 


12 


7 8 8 


8 


4/3 68/21 


8 


2 9 9/2 


9/2 


36 


36 


36 


3 9 31/4 


8 


12 


12 


12 


4 9 11 


11 


6 


15/2 


12 


5 9 27/2 


15 


18/5 


18/5 


15 


6 9 29/2 


16 


12/5 


18/5 


16 


7 9 53/4 


14 


12/7 


24/7 


14 


8 9 9 


9 


9/7 45/14 


9 



Table 8.1. Values of g k {v) for Small k and v 
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With one exception, it can be verified that every value of g k (v) in Table 
8.1 is the ceiling of the maximum of the four lower bounds. In these cases, 
it suffices to give a construction of a PBD with the appropriate number of 
blocks. 

The one exceptional parameter situation is when k = 4 and v = 9, where 
we claim that 

S' 4 (9) = 12 = rmax{SK(4,9),St(4,9),C(4,9),C*(4,9)}l+l. 

In order to prove that g 4 ( 9) = 12, we need to construct a PBD with 12 
blocks as well as prove that no PBD with 11 blocks exists. We can prove 
that y 4 ( 9) / 11 by referring to Theorem 8.2. Note that SK(4,9) = 11, so there 
exists a (9, {2, ...,8})-PBD having a block of size four if and only if there is 
a resolvable (5, 2, 1)-BIBD. This is clearly impossible because 5^0 (mod 2). 
Hence, we conclude that y 4 (9) >11. 

For the values of k and v considered in Table 8.1, the construction of PBDs 
with g k (v) blocks is not too difficult. Several parameter situations can be han- 
dled by similar constructions. For example, the block sets of the PBDs with 
k = 2 consist of all 2-subsets of points; and the PBDs with k = v — 1 are 
near-pencils. 

When k = v 2, it is always possible to take a block B of size v — 2, 
a block of size three intersecting B, and take all remaining blocks to have 
size two. This yields a PBD with 2v — 4 blocks. It is also easy to verify that 
St(p — 2, v) = 2v — 4 for all v > 4. Therefore g v ~ 2 (v) = 2v — 4 for all v > 4. 

The remaining cases have 3 < k < v — 3. These PBDs can be constructed 
fairly easily by trial and error, and we list appropriate block sets in Table 8.2. 



k v b blocks 

T6~7 { 123, 145, 246, 356, 16, 25, 34} 

3 7 7 (7,3,1)-BIBD 

4 7 10 {1234,156,257,367,17,26,35,45,46,47} 

3 8 12 {013 mod 8} U {04, 15, 26, 37} 

4 8 11 { 1234, 1567, 258, 368, 478, 26, 27, 35, 37, 45, 46} 

5 8 13 { 12345, 167, 268, 378, 18, 27, 36, 46, 47, 48, 56, 57, 58} 

3 9 12 (9, 3,1)-BIBD 

4 9 12 {1234, 1567, 189, 258, 368, 478, 269, 379, 459, 27, 35, 46} 

5 9 15 {12345,167,189,268,279,369,378} U {ij : i = 4, 5; 6 < ; < 9} 

6 9 16 {123456, 178, 279, 389, 19, 28, 37} U {ij : 4 < i < 6; 7 < ; < 9} 

Table 8.2. Block Sets of some PBDs with b = Blocks 
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8.3 Minimal PBDs and Projective Planes 

In this section, we consider the problem of determining the minimum num- 
ber of blocks in a (v, {2 , . . . ,v — 1})-PBD that is not a near-pencil. Equiva- 
lently, what is the minimum number of blocks in a (v, {2 , . . . ,v — 2})-PBD? 
Let us denote this quantity by b* (z;) . Note that 

b*(z?) = minjy^z;) : 2 < k < v — 2}. 

Clearly v > 4 is necessary in order for b* (v) to be defined. The following 
values of b* ( v ) for 4 < v < 9 are easily determined from Table 8.1. We record 
these values in the next lemma. 

Lemma 8.12. b*(4) = b*(5) = 6, b*(6) = b*(7) = 7, b*(8) = 11, and b*(9) = 

12 . 

Lemma 8.13. For all integers v > 4, it holds that b*(z; + l) > b*(p). 

Proof. The stated result is true for v = 4 by Lemma 8.12, so we will assume 
that v > 5. Let (X,A) be a (v + 1, {2, . . .,v — 1})-PBD containing b*(z; + 1) 
blocks. Let A denote a block in A having maximum cardinality. Let x G A, 
and delete x from all blocks in A. If any blocks of size one are created by this 
process, then delete them. This creates a PBD, say (X\{x\, B), on v points, 
having at most b*(p + 1) blocks. 

If we can show that there are no blocks of size v — 1 in £>, then we will 
be done. Suppose that B e B has cardinality v — 1. Then there are at least 
two blocks of cardinality v — 1 in (X, A), namely A and B. |A n B\ < 1, so 
\A U B| > 2v — 3. However, |A U B| < v + 1, so v < 4. This contradicts the 
assumption that v > 5, and the proof is complete. □ 

Lemma 8.14. Suppose that v > 6 and suppose that ko = (1 + \/Au — 3)/2. Denote 
k\ = [ko] and k 2 = [ko] - Then 

b*(o) > min{C(k 1 ,z;),SK(A: 2 ,^)/SK(z; — 2,v)}. 

Proof. For v > 6, it holds that ko < 2v/3 < v — 2. Therefore the result follows 
from Lemma 8.6. □ 

Theorem 8.15. Suppose that n > 2 and v are integers such that n 2 + 2 < v < 
n 2 + n + 1. Then b*(z?) > n 2 + n + 1. Furthermore, b*(z;) = n 2 + n + 1 if there 
exists a projective plane of order n. 

Proof. First, we apply Lemma 8.14 with v = n 2 + 2. We have k\ = n and 
k 2 = n + 1. Then 

C(k lr v) = C{n,n 2 + 2) 

2 . 4 n + 2 

= n A + n + 4 H — ^ 

n A — n 



> n 2 + n; 
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SK(k 2 ,v) = SK(« + 1, n 2 + 2) 

9 2 



= n + n 



T 2 + 1 



> rr + «; and 



SK(z? — 2,v) = SK (n 2 , n 2 + 2) 



= 2n 2 — 1 



> n + n. 



i 2 + 1 



Hence, b*(« 2 + 2) > n 2 + n. Because b* is an integer-valued function, it 
follows that b* (n 2 + 2) > n 2 + n + 1. Then Lemma 8.13 implies that b*(z;) > 
n 2 + n + 1 for all v > n 2 + 2. 

Now suppose there is a projective plane of order n and n 2 + 2 < u < 
n 2 + n + 1. We can delete any n 2 -f n + 1 - v points from the projective plane 
and obtain a PBD on v points having n 2 + n + 1 blocks that is not a near- 
pencil. □ 

Lemma 8.16. Suppose that v > 6, and let ko = (1 + \/Av — 3)/2. Denote k\ = 
[koj kx = \k 0 ]. Then 

b*(i>) > min{C(ki — l,v),C*(ki,v),St(k 2 ,v),SK(k 2 + l,o),SK(i7 — 2,v)}. 

Theorem 8.17. Suppose that n > 2 and v are integers such that n 2 — n + 3 < 
v < n 2 + 1. Then b*(o) > n 2 + n. Furthermore, b* (z?) = n 2 + n if there exists a 
projective plane of order n. 

Proof. From Lemma 8.12, we have that b*(5) = 6 and b*(9) = 12. Projective 
planes of orders 2 and 3 exist, so the theorem is true when n = 2, 3. Therefore 
we can assume that n > 4. 

We apply Lemma 8.16 with v = n 2 — n + 3. We have k\ = n and k 2 = n + 1. 
Then 



C(ki — l,v) = C (n - 1, n 2 - n + 3) 



= n 2 + n + 7 + 



> n 2 + n — 1 ; 



14« — 8 



( n — 1 ){n — 2) 



C*(ki,v) = C *(n,n 2 - n + 3) 



9 , 6n-12 

= n +n — 1-1 = 



> n 2 + n — 1; 

St(k 2 / v) = St (n + 1, n 2 — n + 3) 



= n 2 + n — 1 



> n 2 + n — 1; 



2 n — 6 



(n — l)(n — 2) 
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SK(k 2 + 1, v) = SK (n +2 ,n 2 — n +2) 

2 „ „ 12m -8 

= n l + 3n — 1 ~ - 

n z — n + 3 



> n 2 + n — 1; and 

SK(b — 2,v) = SK(n 2 — « + 1, n 2 — n + 3) 



= 2n 2 — 2n + 1 + 



> n 2 + n — 1. 



h 2 — n + 2 



Hence, b* (rr — n + 3) > n 2 + n 1 . Because b* is an integer-valued function, 
it follows that b*(w 2 —n + 3) > n 2 + n. Then Lemma 8.13 implies that b*(f) > 
n 2 + n for all v > n 2 — n + 3. 

Now suppose there is a projective plane of order n, and n 2 — n + 3 < v < 
n 2 + 1. We can delete n points from any block A of the projective plane, delete 
A, and delete any n 2 + 1 — v additional points. We obtain a PBD on v points 
having n 2 + n blocks that is not a near-pencil. □ 

Theorem 8.18. Suppose that n > 3. Then b *{n 2 — n + 2) > n 2 + n — 1. Fur- 
thermore, b*(n 2 — n + 2) = n 2 + n — 1 if there exists a projective plane of order 
n. 



Proof. First, we apply Lemma 8.16 with v = n 2 — n + 2. We have k\ = n and 
ki = n + 1. Then 



C(fci - l,v) 


= 


C (n — 1 ,n 2 - 


- « + 2) 








lOn - 8 




— 


tr + n + 5 + 


(■ n — 1 )(n — 




> 


n 2 + n — 2; 




C(k lr v) 


= 


C *(n, n 2 — n 


+ 2) 








4« — 6 




= 


n +n — 1 + 


o 








— « 




> 


n 2 + n — 2; 




St (k 2r v) 


= 


St(n + 1, n 2 - 


- n + 2) 




= 


n 2 + n — 1; 




SK(k 2 + l,v) 


= 


SK(« + 2, n 2 


- n + 2) 








13n — 2 




— 


n 1 + 3n — 1 - 










« 2 — « + 1 




> 


« 2 + n — 2; 


and 
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SK(z; — 2,v) = SK(« 2 — n,n 2 — n + 2) 



= 2n z — 2n — 5 



> n z + n — 2. 



n 2 — n + 1 



Hence, b *{n 2 — n + 2) > n 2 + n — 1. 

Now suppose there is a projective plane of order n, and let A\ and A? 
be any two blocks in this design. A\ and A 2 intersect in a point, say x. Pick 
a point Xj G Ai\{x} and a point x 2 G A 2 \{x}. Delete all the points in A\ 
and A'i except for X\ and X 2 , and then delete A\ and /L. We obtain a PBD on 
n 2 — n + 2 points having n 2 + n — 1 blocks that is not a near-pencil. □ 

Summarizing the results in this section, we have the following theorem. 

Theorem 8.19 (Erdos, Mullin, Sos, and Stinson). Suppose that v > 5 is an 

integer. Then b* (zz) > B(v), where 

{ n 2 + n + 1 if n 2 + 2<v<n 2 + n + l 
n 2 + n ifn 2 ~n + 3<v<n 2 + l 
n 2 + n — 1 if v = n 2 — n + 2. 

Furthermore, b* (zz) = B (v) if there exists a projective plane of order n, where 
n 2 — n + 2<v <n 2 + n + 1. 



8.4 Minimal PBDs with A > 1 

We state and prove a theorem that generalizes Fisher's Inequality to non- 
trivial pairwise balanced designs. We already mentioned this result, in the 
special case of regular PBDs, in Theorem 1.34. Also, when A = 1, the next 
theorem follows from Theorem 8.5. 

Theorem 8.20. In any nontrivial (v, K, A)-PBD, b > v. 

Proof. We first prove the theorem for proper PBDs. We again use the proof 
technique introduced in Theorem 1.33. Let (X, A) be a (v, {2, ... , v — 1 }, A)- 
PBD, where X = {x\, . . .,x v j and A = {A \, . . . , A h }. For 1 <]<b, define 
kj = \Aj\, and for 1 < i < v, define 

n = I {j-xi e A ,} |. 

Let M be the incidence matrix of this PBD, and define s j to be the j th row 
of M T . Recall that S | , . . . , S/, are all t’-dimensional vectors in the real vector 
space IRA 
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Define S = (s ; : 1 < j < b} and define S = s parks, : 1 < j < b). As in 
Theorem 1.33, we will prove that S = R p , which implies that b > v. 

For 1 < i < v, define e, g R“' to be the vector with a "1" in the zth 
coordinate and "0"s in all other coordinates. We show that e, g S for 1 < i < 
v. 

First, we observe that 



b 

E8/ = (ri,...,r„). (8.10) 

;=i 

If we fix a value i, 1 < i < v, then we have 

E Sj = (r; — A)e; + (A, . . .,A). (8.11) 

{y-XieAj} 

Next, sum equation (8.11) over all z, 1 < z < v, to obtain 

E E s ; - = (r 1 ,...,r c ) + (A(iz-l),...,A(iz-l)). (8.12) 

1=1 {j.XiEAj} 

Equations (8.10) and (8.12) imply that (1, . . . , 1) g S: 



(1 1) 



1 

A(zz - 1) 



V 

E E s ; 

i=l {j.XiEAj} 




(8.13) 



We can now substitute this back into equation (8.11). Fix a value of z, 1 < i < 
v. Using the fact that r, > A (which follows because a proper PBD does not 
contain a block of size v), we obtain the following: 



e; 




E s/ 

H-XiSAj} 



1 

V — 1 



V 

E E s/ 

! =1 {j-XiSAj} 




(8.14) 



This implies that every basis vector e, g S, which completes the proof for 
proper PBDs. 

Now assume that (X, A) is a nontrivial PBD that contains exactly f > 
0 blocks of size v. Deleting these /' blocks, we obtain a proper PBD, which 
therefore must contain at least v blocks. This means that (X, A) has at least 
v + t blocks, and the proof is complete. □ 

A pairwise balanced design with one block size is a BIBD. Of course, sym- 
metric BIBDs are examples of (v, K, A)-PBDs with b = v. Examples of pair- 
wise balanced designs with b = v and having more than one block size can 
be constructed from symmetric BIBDs as follows. 

Theorem 8.21. Suppose there is a symmetric {v,k, A)-BIBD. Then there exists a 
(v, {k, v + 1 — k}, k — A)-PBD with b = v. 
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Proof. Suppose (. X,A ) is a symmetric (v,k, A)-BIBD. Letx € X be any point. 
Define B = B\ L) B 2 , where 



B 1 = {A e A : x £ A} 



and 

B 2 = {(X\A) U {*} : A e A,x € A}. 

Clearly B contains exactly v blocks, every block in B\ has size k, and every 
block in B 2 has size v + l—k. Therefore we need only to show that every pair 
of points occurs in exactly k — A blocks in B. 

For any y £ X, y f x, there are k — A blocks in A that contain x but do not 
contain y. These blocks give rise to the k — A blocks (all in B 2 ) that contain 
x and y. Now consider two points y,y' € X\{x}. Suppose that there are u 
blocks in A that contain y, y' , and x. Then there are A u blocks in A that 
contain y and y' but not x. These blocks yield A — y blocks in B\ that contain 
y and y' . Also, there are k — 2A + y blocks in A that contain x but neither y 
nor y' . These blocks yield k - 2 A + y blocks in B 2 that contain y and y' . In 
total, we have k — A blocks in B that contain y and y' . □ 

Example 8.22. {1, 3,4, 5,9} is an (11, 5, 2) -difference set in This difference 
set generates a symmetric (ll,5,2)-BIBDin which the points are the elements 
of Zn- Take x = 0; then the blocks of the symmetric (11,5, 2)-BIBD are trans- 
formed as follows: 



{1,3,4, 5,9} 
{2,4,5,6,10} 
{3, 5, 6, 7,0} 
{4, 6, 7, 8,1} 
{5, 7, 8, 9, 2} 
{68,9,10,3} 
{7,9,10,0,4} 
{8,10,0,1,5} 
{9, 0,1, 2, 6} 
{10,1,2,3,7} 
{ 0 , 2 , 3 , 4 , 8 } 



{1,3,4, 5,9} 
{2,4,5,6,10} 
{0,1,2,4,8,9,10} 
{4, 6, 7, 8,1} 

{5, 7, 8, 9, 2} 

{6,8,9,10,3} 

{ 0 , 1 , 2 , 3 , 5 , 6 , 8 } 

{ 0 , 2 , 3 , 4 , 6 , 7 , 9 } 

{0,3,4,5,7,8,10} 

{10,1,2,3,7} 

{0,1,5,6,7,9,10}. 



I 

Example 8.23. For any v > 4, there exists a symmetric (v, v — l,v — 2)-BIBD 
whose blocks are all the ( v - l)-subsets of a c'-set. If we apply the construc- 
tion of Theorem 8.21 to this BIBD, the reader can check that we obtain a 
near-pencil, which has blocks of size two and v — 1 . S 

The "A-design Conjecture" is that every pairwise balanced design with 
b = v either is a symmetric BIBD or can be constructed from a symmetric 
BIBD using Theorem 8.21. This conjecture is due to Ryser and Woodall and 
it remains open to this day, although many partial results are known. 
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Provided that k ^ (v + l)/2, the construction of Theorem 8.21 yields a 
pairwise balanced design with exactly two block sizes, and these block sizes 
sum to v + 1 . This property holds for any nontrivial pairwise balanced design 
with b = v that has two block sizes, as we show in the following theorem. 

Theorem 8.24 (Ryser-Woodall Theorem). Suppose (X, A) is a (v, K, A)-PBD 

ivith b = v that contains at least two block sizes. Then there are exactly tivo block 
sizes, say k\ and and k\ + A: 2 = v + 1. 

Proof. We use notation as in the proof of Theorem 8.20. First, we note that 
(X, .4) cannot contain any blocks of size v (this follows from the proof of 
Theorem 8.20). Hence, r; > A for all i, 1 < i < v. 

In this proof, we will use b in the context of blocks and v in the context of 
points. Of course b = zy as stated in the hypotheses. 

Fix i, 1 <i <v; then we can rewrite (8.11) as follows: 



1 

r { — A 



E s; 

{j-.XieAj} 



A 



r; — A 



(1 1 ). 



For any j, 1 <;< b, define 



c 



i 



E 

{v.XieAj} 



1 

r, — A 



(8.15) 



(8.16) 



Now we apply (8.15) and (8.16) as follows: 



E 


E ■ 


/= M 


v.XieAj} 


V 

El 

i = 1 


( 1 


\Ji- A 


V 


f 


E( 

i = 1 


e,'+ - 
v n 



1 



- A ; 






= 1 + aE 



y • — X 

i = 1 A , 



(1 1). 



Denoting 



we have the following: 



V 1 

C = 1 + AE_, 

l — I 1 



(1 1) = E c s i' 

i = 1 



(8.17) 
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Now we derive another expression for the vector (1, . . . , 1). Observe that 

E E s ; = E E »/ = Ei^-l»/- 

1=1 {j:XieAj} j = 1 {v.XjeAj} j = 1 

Therefore (8.13) implies the following: 



0 ') = a(FTI)E(AI-^ 



(8.18) 



Equations (8.18) and (8.17) give two expressions for the same vector as a 
linear combination of basis vectors (the vectors Si, . . . , Sj, form a basis because 
b = v). Therefore, corresponding coefficients in the two linear combinations 
must be identical, and it follows that 



for 1 < j < b. Denoting 



Cj \Aj\-l 
C \(v — 1) 

C 

7 = 



(8.19) 



M v — i ) ' 

we have that 

for all j, 1 < j <b, where 7 is a constant. 

We now fix an integer h, 1 < h < b, and sum (8.15) over all i such that 

Xj € Ajj. 



E 

{r.XieA h } 



1 



r~ A ^ 1 

r ’ A {jXieAj} 



r,- — A 



= E 

{i:XieA h } 

®/i T A Cji (1, . . . , 1 ) 



A 



(1 1) 



— s h + c h E 



K \Aj\ -1 



;=1 



-1 A 



s // 



where we apply (8.18) in the last line. 

On the other hand, we can evaluate the same double sum in a different 
way: 



E 

{i-.XjeA,,} 



r - A ’ 

r ’ A {j: Xi eAj} 



= E E 

j=l {i: Xi eA h nAj} 



1 



s;. 



— A 1 



Thus we have the following equation: 



s h + c h E S /-E E 

j 1 



r - - A ' 

7=1 {irATjeAfcnAy} 1 



( 8 . 20 ) 
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The coefficients of S / 7 must be the same on both sides of this equation, so we 
have that 

„ i , — 1 ) 

° h ~ + v-1 ' 

Substituting (8.19), we obtain the following: 



7 (\A h \-l) = l + 



7(|A/,|-1) 2 

17 — 1 



Denote x = |A;,| — 1. Simplifying, we get the following quadratic equation 
in x: 

x 2 — (v — \)x + 7 _1 (t7 — 1) = 0. (8.21) 

Since any block in the PBD has size x + 1, where x is a root of the quadratic 
equation (8.21), it follows that there are at most two block sizes. Since we 
hypothesized that there are at least two block sizes, we conclude that there 
are exactly two block sizes. 

In general, the sum of the roots of a quadratic equation x 2 + a \ x + a 2 - 0 
is equal to —ci\. Therefore the sum of the roots of (8.21) is equal to v — 1. This 
implies that the sum of the two block sizes in the PBD is equal to v + 1, as 
desired. □ 



8.5 Notes and References 

Theorem 8.5 was proven in 1948 by de Bruijn and Erdos [38]. Theorem 8.1 is 
due to Stanton and Kalbfleisch [99], and Theorem 8.7 is from Stinson [100]. 
Another important bound along these lines is the Rees Bound; see [85]. These 
various bounds are discussed and compared in Rees and Stinson [86]. 

Most of the results in Section 8.3 are adapted from Erdos, Mullin, Sos, 
and Stinson [44]. There is much literature on pairwise balanced designs with 
A = 1 having "few lines". The monograph by Batten and Beutelspacher [4] 
is a good source of additional information on this topic. 

Theorem 8.24 was proven independently by Ryser [90] and Woodall [125]. 
The A-design Conjecture has been widely studied; see Singhi and Shrikhande 
[97] and Ionin and Shrikhande [63, 64] for more information. 



8.6 Exercises 

8.1 Suppose that K C {n > 2 : « e Z} is a finite set. Denote the largest 
and smallest elements of K by k\ and k 2 , respectively. 

(a) Prove that there exists a (v, fC)-PBD only if v > k\ (£2 — 1) + 1- 

(b) Prove that there exists a (k-\ (k 2 — 1) + l,fC)-PBD if and only if 
there exists a resolvable (ki(k 2 — 2) + 1 ,k 2 — 1, 1)-BIBD. 

8.2 Suppose that v is fixed and 2 < k < v 1 is a real number. 
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(a) Prove that SK (k, v) attains its maximum when k = 2z> / 3. 

(b) Prove that SK (k, v ) = C(k, v) if and only if k 2 — k + 1 = v. 

(c) Assume that k 2 — k + l>v>k + l. Prove that SK (k, v) > v. 

8.3 Suppose there is a (v,{2, . . . ,v - 1})-PBD with St (k, v) blocks that has 
a block containing exactly k points. Prove that there are at most three 
different block sizes in this PBD. 

8.4 (a) Suppose that k is odd and v = 2k + 1. Prove that there exists a 

( v , {3,k})-PBD with SK(k,z;) blocks that contains a block of size 
k. 

(b) Suppose that k is even and v = 2k + 1. Prove that there does not 
exist any (v, fC)-PBD with SK (k,v) blocks that contains a block 
of size k. 

8.5 (a) Suppose that k + 1 < v < 2k. Prove that 



St (k,v) = 1 + 



(v — k)(3k - v + 1) 
2 



(b) Suppose that k + 1 < v < 2k and v — k is even. Use the exis- 
tence of a resolvable (v — k,2, 1)-BIBD to prove that there exists 
a (v, {2,3,A:})-PBD with St (k,v) blocks. 

Hint: An essential step of the proof is to form 2k — v +1 parallel 
classes of singletons on v — k points. 

(c) Suppose that k + 1 < v < 2k and v — k is odd. Use the existence 
of a resolvable (v — k + 1,2, 1)-BIBD to prove that there exists a 
(v, {2,3 / k})-PBD with St(k,v) blocks. 

Hint: Delete a point from the BIBD, and then proceed in a man- 
ner similar to (b). 

8.6 (a) Suppose that (X, A) is a (v,{2,. ..,v — 1})-PBD in which the 

largest block contains exactly k points and in which there are 
exactly C* (k, v) blocks. Prove that every block has size k or k — 1 . 

(b) Denote t = (v — 1) mod (k — 1) and suppose further that t ^ 0. 

Prove that every point x occurs in /c t 1 blocks of size k — 1 
and r — k + t + 1 blocks of size k, where r = [ ] . 

(c) Suppose there is a (v + 1 , k, 1 )-BIBD. Prove that there exists a 
(v, {2, . . . ,v — 1})-PBD in which the largest block contains ex- 
actly k points and in which there are exactly C *{k, v) blocks. 

8.7 Extend Table 8.1 to include all the cases when v = 10. For 2 < k < 9, 
determine the values of the four relevant bounds and the exact values 
oig k (W). 

8.8 Construct (v, {2, . . . , v — 2})-PBDs with B(v) blocks for 10 < v < 15. 

8.9 Use Theorem 8.5 to prove that the A-design Conjecture is valid when 

A = 1. 



8.10 (a) Prove that the only (v, k, 2j-PBD that can be constructed using 

Theorem 8.21 is a (7, {3, 5},2)-PBD with b = 7. 

(b) Construct the PBD described in part (a). 
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f-Designs and f-wise Balanced Designs 



9.1 Basic Definitions and Properties of t-Designs 

Definition 9.1. Let v, k, A, and t be positive integers such that v > k > t. A t- 
(v, k, A)-design is a design (X, A) such that the following properties are satisfied: 

1. \X\=v, 

2. each block contains exactly k points, and 

3. every set of t distinct points is contained in exactly A blocks. 

The general term t- design is used to indicate any t-(v,k, \) -design. 

Note that we allow a t-(v,k,X)- design to contain repeated blocks. (Of 
course, if A = 1, then there cannot be any repeated blocks in a t-(v,k, A)- 
design.) A t-(v,k, A)-design without repeated blocks is called a simple t- 
design. When A > 1, it is usually the case that constructing simple t-(v, k, A)- 
designs is more difficult than constructing nonsimple ones. 

If we take A copies of every k-subset of a i’-set, where k < v, we obtain 

a t-(v, k, A -design. This f-design is not very exciting; we refer to it as 
a trivial t-design. In general, we are interested in constructing nontrivial de- 
signs. 

Observe that a 2-(v,k, A)-design is just a (v,k, A)-BIBD. There are not 
nearly as many existence results known for f-designs with t > 2 as there 
are for BIBDs. We will be presenting some of the nicer construction methods 
for certain types of f-designs, but first we survey some basic properties of 
f-designs. 

The proof of the following theorem follows immediately from the defini- 
tion of a f-design. 

Theorem 9.2. Suppose that (X, A) is a t-(v,k, X)-design. Let Z C X, |Z| = i < t. 
Then (X\Z, {A\Z : Z C A € ^4}) is a (f — z)-( v — i,k — i, X)-design. 
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Example 9.3. It is known that there exists a 5-(12,6, l)-design (we will give a 
construction for this design in Example 9.29). Hence, from Theorem 9.2, there 
also exist 4-(ll,5, 1)-, 3-(10,4, 1)-, and 2-(9, 3, 1 (-designs. I 

The following result is proven in the same manner as Theorems 1.8 and 
1.9. 

Theorem 9.4. Suppose that (X,A) is a t-(v,k,X)-design. Suppose that Y C X, 
zvhere |Y| = s < t. Then there are exactly 



(k-s 

\t—S 

blocks in A that contain all the points in Y. 

Proof. Let A S (Y) denote the number of blocks containing all the points in Y. 
Define a set 



I={(Z,A) : ZC X,|Z| = t-s,YnZ = 0 , A e A,YUZ C A}. 

We will compute \I | in two different ways. 

First, there are (,~f) ways to choose Z. For each such Z, there are A blocks 
A such that Y U Z C A. Hence, 




On the other hand, there are A s (Y) ways to choose a block A such that Y C A. 
For each choice of A, there are ( k t Z s s ) ways to choose Z. Hence, 

Combining these two equations, we see that A S (Y) = A s , as desired. □ 

Observe that the number of blocks in a f-design is Ag = A(j)/(j) and 

each point occurs in Aj = A (jTJ) / Ct-l) blocks. In the case t = 2 (i.e., for a 
BIBD), Ao and A ] correspond to the parameters b and r, respectively. We will 
sometimes use the notations b and r for f-designs with other values of t as 
well. 

Example 9.5. In a 5-(12, 6 , l)-design, we have that Ag = 132, Aj = 66, A 2 = 30, 
A 3 = 12, A 4 = 4, and A 5 = 1. I 

The following is an immediate corollary of Theorem 9.4. 
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Corollary 9.6. Suppose that (X, A) is a t-(v, k, -design, and 1 < s < t. Then 
(X, A) is an s-(v, k, \ s )-design, zvhere 

\( v ~ 

A s = — 7^— 

s (k-s 
V t — s 

Theorem 9.4 can be generalized as follows. 

Theorem 9.7. Suppose that (X, A) is a t-(v, k, A {-design. Suppose that Y , Z C X, 
zvhere YnZ = 0, | Y| = i, \Z\ = j, and i+ j < t. Then there are exactly 







blocks in A that contain all the points in Y and none of the points in Z. 

Proof. First we consider the case where i = 0. Let Aq(Z) denote the number of 
blocks that contain none of the points in Z. Using the Principle of Inclusion- 

Exclusion, we will obtain a formula for Aq(Z). For any z € Z, define 

A z = {A e A : z e A}. 



Then, for any Zq C Z, j Zq | = h, it is clear that 



n Az 

z^Zq 



= A h ■ 



The Principle of Inclusion-Exclusion asserts that 



A \ ( U • /4zN ) 


= \{A e A : Anz = 0}| = (-i)' 201 


n Az 


VzeZ / 


ZqCZ 


zgZq 



From this, it follows immediately that 

•4( Z ) = £(-W'V 

h = 0 W 

Hence, Aq(Z) is a constant, say C (i.e., it is independent of the choice of 
Z). We have expressed C as a complicated-looking sum. C can be simplified 
using appropriate identities involving binomial coefficients; however, it is 
easier to proceed as follows. 

Define a set 



I — {{Zq ,A) : Zq C X, \Zq\ = j, A £ A, Zq D A = 0}. 
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We will compute | J| in two different ways. 

First, there are (p ways to choose Zq. For each such Zo, there are C blocks 
A such that Zq n A = 0. Hence, 



1*1 = c 




On the other hand, there are Ao ways to choose a block A, and for each choice 
of A, there are ( v ~ k ) ways to choose Zq. Hence, 



1*1 =A 0 




Combining these two equations, we see that 




Ag)C?) 

(?)(/) 

Art (v — k)\ (. k — t)\ t\ j\ (v — j)\ 
f! (v — t)\ j\ (v — k — j)\ k\ v\ 

A (v — k ) ! (. k — t)\ (v — j)\ 

(v — t)\ (v — k — j)\ k\ 

MV) 

' (V) ' 



as desired. 

Now we consider the case i > 0. This follows by applying the result 
proven above for i = 0 to the design (X\Y, {A\Y : Y C A G. A}), which 
is a (f — i)-(v — i,k — i, A)-design by Theorem 9.2. □ 

We have already mentioned that simple f-designs are, in general, more 
difficult to construct than nonsimple ones. We next present an easy noncon- 
structive proof that nontrivial f-designs exist for all permissible choices of 
t < k and all v > k+ t. (This proof does not yield simple designs, however.) 

Theorem 9.8. For all positive integers t,k , and v such that t < k < v — t, there 
exists a nontrivial t-(v,k, \)-design for some positive integer A. 

Proof. Let X be a z'-set, and let N = (f ) . Consider the N-dimensional vector 
space Q n in which the coordinates are indexed by the f-subsets of X. For 
each /c-subset A C X, define a vector s,i € Q N in which the entry in the 
coordinate corresponding to a f-subset Y C X is equal to 1 if Y C A and 0 
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otherwise. We obtain a set of (j() vectors in a ()’) -dimensional vector space. 
Since t < k < v — t, it follows that 




and hence there exists a linear dependence relation among this set of vectors. 
In other words, there exist rational numbers (A C X, \A\ - k) such that 

E *aSa = (0,...,0). 

ACX,\A\ =k 



Let D denote the least common multiple of the denominators of the numbers 
a a, and define ft a = for all A. Then 

E ]Ma = (0, 0), (9.1) 

ACX,\A\=k 



and the ft A 's are all integers. 

Clearly at least one of the ft A ’ s is negative. Hence, if we define M = 
m i n { ft ^ } , then M < 0. Now define A to be the collection of blocks where, 
for every A C X, \A\ = k, A occurs exactly ft A — M times in A (note that 
ft A - M > 0 for all A). 

It is not difficult to see that (X, A) is a t- ( v, k, A)-design. First, we observe 



that 



E s a 

ACX,\A\=k 




(9.2) 



this follows because, as we already observed, the set of all /c-subsets of a c'-set 
is a t-(v,k, (ED ) -design. Now, combining equations (9.1) and (9.2), we see 
that 

-“&-))• (93) 

Hence (X, A) is a t-(v, k, A)-design with A = — M (Ef) • Finally, (X, A) is non- 
trivial because ft A — M = 0 for at least one A. □ 



Example 9.9. We provide an illustration of Theorem 9.8 in the case t = 2, k = 
3. Suppose that v > 6. Then it is easy to check that 



s {1,2,3} + *{1,4,5} + *{2,4,6} + s {3,5,6} — S {1,2,4} + S {1,3,5} + s {2,3,6} + s {4,5,6}- 

Therefore we have found a dependence relation with M = — 1, and we can 
construct a nontrivial 2-(v, 3, v - 2)-design for all v > 6. 1 

In the next section, we look at some specific families of f-designs with t > 
3. We have already observed that 2-designs are BIBDs. Thus, there remains 
the case of 1-designs to be considered. However, it is not hard to show that 
these designs exist whenever the necessary conditions are satisfied. 
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Theorem 9.10. There exists a 1 -(v,k, A )-design if and only ifvA = 0 mod k. 

Proof. From Theorem 9.4, the number of blocks in a l-(v, k, A)-design is b = 
vA Ik, which must be an integer. Conversely, suppose b = v A/k is an integer. 
We will describe an easy construction for a l-(v, k, A)-design. 

Let n = gcd (k, A). Then A = uA ' and k = uk' , where gcd(A / ,A: , ) = 1. Now 
we have b = vA/k = vA ' /k' and gcd(A , ,A: / ) = 1, so it must be the case that 
v = 0 mod k! . Let v = sk' , where s is a positive integer. Then b = vA' /k' = 
sA'. 

Let X be a set of cardinality k ' , and define Y = Xx Z s . Then |Y | = v. Let 
A\, . . . , Ax' be A' arbitrary n-subsets of Z s . For 1 < i < A', define B, = X x A;. 
Then each B, is a k-subset of Y. Now develop each B; through Z s , obtaining 
a set of b blocks that contain every point in Y exactly A times. The result is a 
A)-design. □ 

Example 9.11. Suppose that v = 15, k = 9, and A = 6. Then b = 10, s = 5, 
k' = 3, and A' = 2. Suppose we take X = {x,y,z}, Aj = {0,1,2}, and 
A, = {0,1, 3}. Then 

Bi = {(*, 0), (y,0), (z, 0), (x, 1), (y, 1), (z, 1), (x,2), (y,2), (z,2)} 



and 



B 2 = {(x,0), (y, 0), (z,0), (x,l), (y, 1), (z, 1), (x,3), (y,3), (z,3)}. 

We obtain a total of b = 10 blocks from B\ and B? by developing the second 
coordinates modulo 5 (keeping the first coordinates fixed). In the resulting 
set of blocks, every element occurs A = 6 times. ® 



9.2 Some Constructions for f-Designs with t > 3 

We present some constructions for f-designs with t > 3 in this section. Our 
first result shows that certain resolvable BIBDs are automatically 3-designs. 

Theorem 9.12. A resolvable BIBD with v = 2 k is a 3-design. 

Proof. Suppose that (X, A) is a resolvable (2k, k, A)-BIBD. Let TT Z - be the par- 
allel classes for 1 < i < r. Each Ft, consists of two blocks, say Aj and A?. 

Let x, y, z € X, and define a\, « 3 , H as follows: 

flj = |{i : {x,y,z} C Aj, where / = 1 or2}|, 

a 2 — |{ ? : { x >y} C Aj and z ^ Aj, where / = 1 or 2} |, 

= \{i : {x,z} C Aj and y ^ Aj, where / = 1 or 2}\, and 

«4 = |{i : {y,z} C Aj and x ^ Aj, where / = 1 or 2} | . 
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Clearly 

a l + a 2 + a 3 + a A = r 

since each parallel class is one of the four types enumerated above. Also, 
looking at pairs of elements, we have that 

Cl\ T Cl2 = a\ T = (l\ A rt 4 = A. 

From these equations, it follows that a\ = (3A — r)/2. Therefore ( X, A) is a 
3- (2k, k, (3A - r) / 2) -design. □ 

Corollary 9.13. If there exists a Hadamard matrix of order Am, then there exists a 
3-(4 m, 2m, m — 1 )-design. 

Proof. If there exists a Hadamard matrix of order Am, then there exists a re- 
solvable (Am, 2m, 2m — 1)-BIBD from Theorem 5.19. Apply Theorem 9. 12. □ 

The next theorem constructs 3-designs with k = A and A = 3. 

Theorem 9.14. For all even integers v > 6, there exists a 3-(z;,4, 3 (-design. 

Proof. We proved in Theorem 5.2 that there exists a resolvable (v, 2, 1)-BIBD, 
say (X, .4), for all even v > A. Suppose v > 6, and suppose H \, . . . , are 
the parallel classes in this BIBD. Define 



S — {A4UA2 ^ A.\, A .2 C n j, A.\ ^2,1 ^ i ^ v — 1}. 

We will show that (X, B) is a 3-(z;,4, 3)-design. 

Consider any three points, say Xi,X 2 ,x^. Let 1 < i < 3. There is a unique 
block Aj € A that contains the pair {xi,X 2 ,X 3 }\{x,}. The block A,- is in a 
unique parallel class, say n,-.. Note that /i,/ 2,/3 ar e distinct integers. Now, 
there is a unique block in IJj. that contains x u say A(. Then {x\,X2,X3 } C 
Aj U A( for 1 < i <3. Thus we have found three blocks that contain the 
triple {xi,x 2 ,X 3 }. Clearly no other block contains this triple, so we have a 
3-(v,A, 3)-design, as required. □ 

Example 9.15. A 3-(6,4, 3)-design. We begin with the resolvable (6, 2, 1)-BIBD 
presented in Example 5.3. The parallel classes of this BIBD are as follows: 

Ho = {{00, 0}, {1,4}, {2,3}} 
n a = {{oo,l}, {2,0}, {3,4}} 
n 2 = {{00,2}, {3,1}, {4,0}} 
n 3 = {{«>, 3}, {4, 2}, {0,1}} 
n 4 = {{00,4}, {0,3}, {1,2}}. 



We obtain the following fifteen blocks of a 3-(6, 4, 3)-design, (Z4 U {00}, yl) : 
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' oo014, oo023, 1423, ' 
ool20, ool34, 2034, 

A = oo231, oo240, 3140, » . 

oo342, oo301, 4201, 
oo403, oo412, 0312 

I 

A 3-(z;,4, 1) -design is known as a Steiner quadruple system of order v and 
is denoted SQS(z;). The necessary condition for the existence of an SQS(z;) is 
that v = 2, 4 mod 6. Here is a nice doubling construction for Steiner quadru- 
ple systems. 

Theorem 9.16. If there exists an SQS(v), then there exists an SQS(2v). 

Proof. As in the proof of Theorem 9.14, we use the fact that when v is even, 
there exists a resolvable (v, 2, 1)-BIBD. Let |X| = |Y| = v, X n Y = 0. 
Let (X,A) and ( Y,B ) be resolvable (z;,2, l)-BIBDs having parallel classes 
T\\, . . . ,TI v _l and Y 4 , . . . , respectively. Also, let (X,C) and (Y,V) be 
SQS(z;). Define 

£ = {A U B : A G n,, B G Y,-, 1 < i < v - 1}. 

We show that (X U Y,C U2?U£) is anSQS(2z;). Suppose that { z\,zi,z 3} C 
X U Y. We consider the following cases that may arise. 

1. If j {z\, Z2, Z3} fl X| = 3, then { Z\,Z 2 ,z 3} is a subset of a unique block in C, 
and it is not a subset of any block in V U £. 

2. If |{zi,Z2,Z3 } n Y| = 3, then {z\, 12 , 23 } is a subset of a unique block in V, 
and it is not a subset of any block in C U £. 

3. Suppose | {zj, Z2, Z3} fl X| =2, say zi,Z2 € X and Z3 G Y. There is a 
unique parallel class, say n,, such that {z\,Z 2 } € n, . There is a unique 
block of the form {z3,Z4} e Y }. Then {zi,Z2,Z3} C {z 1 ,Z2,Z3,z 4 } G £, 
and {z\, Z2, Z3} is not a subset of any block in C U V. 

4. Suppose | {zi, Z2, Z3} n Y| =2. This is similar to the previous case. 

We have considered all possible cases, and the proof is complete. □ 

There does not exist an SQS(4) because of the restriction that v > k in the 
definition of a t-(v,k, A)-design. However, the construction presented in the 
proof of Theorem 9.16 can be carried out when v = 4, yielding an SQS(8), as 
presented in the following example. 

Example 9.17. An SQS(8). The points are X = {1,2, 3,4, a, b,c,d} and the four- 
teen blocks are as follows: 

! 12 ab, lied, 3Aab, 34 cd, ) 

13 ac, 13 bd, 24 ac, 24bd, I 
Uad, Ubc, 23 ad, 23 be, f ' 

1234, abed ) 



I 
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As a result of Example 9.17 and Theorem 9.16, we have the following 
result. 

Theorem 9.18. There exists an SQS(2 ") for all integers n > 3. 

9.2.1 Inversive Planes 

In this section, we describe how certain permutation groups can be used to 
construct /-designs. We begin with some relevant definitions. 

Definition 9.19. Suppose that G is a subgroup of the symmetric group S v acting on 
the v-set X, and suppose that t > 1 is an integer. G is sharply /-transitive provided 
that, for all choices of It elements x\, . . . , xt, y\, . . . , yt G X such that x\, . . . ,xt are 
distinct and xj\, . . . ,xjt are distinct, there is exactly one permutation n G G such 
that n(xi) = yt for all i, 1 < i < t. 

Example 9.20. Let X = Z,„ suppose that a = (0 1 • • • n — 1), and let 

G = {a 1 : 0 < i < n — 1}. 

(Note that G is isomorphic to (Z n ,+).) It is easy to see that G is sharply 1- 
transitive. 1 

Example 9.21. Let q be prime and define X = F^. Lor a G F^\{0} and for 
b € F q, define Tt[ a ,b) '■ ^ — > F^ by the rule 

n (a,b)( x ) = ax + b 

for all x € Fq. It is not difficult to see that every 7T(„ m is a permutation of F ? . 
Define 

G = {7T (fl/6 ) : a G F^\{0}, b G F,}. 

Then it can be shown that G is a sharply 2-transitive group. This group is 
often denoted AG L ( 1 , q ) . I 

Suppose that G is a sharply /-transitive subgroup of the symmetric group 
S v acting on the I'-set X. Suppose that YCX. Recall that the stabilizer of Y, 
denoted stab(Y), consists of all the permutations 7T G G such that {n{y) : 
y G Y} = Y. It is not difficult to prove that stab(Y) is a subgroup of G. Now 
consider the orbit of subsets obtained by letting G act on Y, which we denote 
by orbit(Y). 

We have the following result. 

Theorem 9. 22 .For any YCX such that t < |Y| < |X|, (X, orbit(Y)) is a t- 
(v,k, A)- design, where v = |X|, k = |Y|, and 

= k(k-l)---(k-t + 1) 

|stab(Y) | 
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Proof. For each n G G, let n(Y) = {n(\j) : y G Y}. Let A denote the multi- 
set {n (Y) : Ti G G}. Because G is sharply f-transitive, it follows that every 
f-subset of points occurs in exactly k(k — 1) ■ ■ ■ (k— f + 1 ) blocks in the collec- 
tion A. However, every block in A occurs exactly |stab(Y)| times. Therefore, 
if we keep only one copy of every distinct block, then we get a f-design with 
the stated parameters. □ 

As a first illustration of the application of Theorem 9.22, we show how to 
construct affine planes using permutation groups. 

Example 9.23. Suppose that q is a prime power, and let G be the group 
AGL(1, q 2 ) acting on F 2 . Let Y = F^ (which is a subset of X = F 2 ). It is not 
hard to see that stab(Y) = { 7T(«,fo) : a, b G F^}. (Note that stab(Y) is isomor- 
phic to AGL(1,^), but it acts on the points in F^.) Clearly, |stab(Y)| = q(q — 
1). Then, applying Theorem 9.22, we have that (X, orbit(Y)) is a 2-(q 2 , q, 1)- 
design. (This design is, in fact, isomorphic to the affine plane AG 2 (q)-) 1 

We now present a family of 3-transitive groups that can be used to con- 
struct 3-designs with A = 1 . 

Let q be a prime power and suppose that a, b,c,d G F 1? , ad — be 0. Let 
00 ^ F^, and define a function n / a b \ : (F^ U { 00 }) — > (F 1? U { 00 }) as follows: 

V c d ) 

if x g F q and ex + d f 0 

00 if x G F„, cx + d = 0, and ax + b A 0 

a ■( a -L r\ 

1 if x = 00 and Cf 0 

00 if x = 00 , c = 0 , and a f 0 . 

We observe that the four cases enumerated above cover all the possibilities 
because a — c = 0 is not allowed, and it is impossible that ax + b = cx + d = 
0 . 

The following lemma is straightforward to prove. 

Lemma 9.24. Suppose that q is a prime power, a, b,c,d G F^, and ad — be 7 ^ 0. 
Then Ti/ a b \ is a permutation o/F 1? U { 00 }. 

\c d) 

It is easy to see that the permutations TZ/ a and Ti/ ra rb \ are identical 

\c d J \rc rd ) 

if r 7 ^ 0. Define PGL(2, q) to consist of all the distinct permutations n / a b \ , 

Vc d) 

where a, b,c,d G F, ? and ad — be 7 ^ 0. Notice that there are q — 1 identical 
permutations Ti/ a b \ corresponding to each permutation in PGL(2, q). 

\cd) 

Lemma 9.25. | PGL(2, q) \ = q 3 — q. 




9.2 Some Constructions for f-Designs with t > 3 211 



Proof. There are q 4 four-tuples (a, b, c, d ) e (F i; ) 4 . To compute | PGL(2, q) |, we 
must subtract the number of four-tuples such that ad = be and then divide 
by q — 1. 

It is clear that ad = be if and only if det (” ^) = 0. If (a,b) = (0,0), 
then any one of the q 2 choices for (c, d) yields a zero determinant. If ( a , b) / 
(0,0), then there are q scalar multiples of ( a,b ), each of which yields a zero 
determinant when it is defined to be ( c,d ). 

Therefore we have that 

ipgl( 2,,)| = a hdsi±hj^li) = ,3_,. 

q i 

□ 



Theorem 9.26. PGL(2, q) is a sharply 3-transitive permutation group. 

Proof. First, to show that PGL(2, q) is a group, it is sufficient to prove that 
the composition of any two permutations in PGL(2, q) is again a permuta- 
tion in PGL( 2, q). Consider the composition of two permutations 7Z/ a b \ and 

\cd) 

71 ( a' b' \ ' n PGL(2, q). Using elementary algebra, it is easy to see that 

\c' d') 



for all x, where 



Furthermore, 



n, 



fab) l 77 ( a' b'\ 
Vc d) \ Vc' d'J 



a " b" 
c" d" 



> (*) = 



a b 
c d 



71 fa” b"\( x ) 
Vc" d") 



a' b 1 
c' d 1 



det 



a" b" 
" d" 



= det 



a b 
c d 



det 



c' d‘ 



9^0 



because det (f %) ^=0 and det ^ ^ 0. 

We now show that PGL(2, q) is sharply 3-transitive. First, we prove that, 
for all choices of three distinct elements r, s, t £ ly l.J {oo}, there is a per- 
mutation 7i / a b \ £ PGL(2,^) such that 7i/ a b \(0) = r, Tif a b \ (1) = s, and 

\cd) V c d) \cd) 

tz / ab \ (oo) : t. Proving this assertion requires some consideration of cases. 

Vc d) 

First, suppose that r, s, t £ F,j. Then what we want is 



b 




a + b 

7 = s, and 

c + d 
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If we set d = 1 (which we can do without loss of generality), then we obtain 

t( s — r ) 

a = / 

t — s 

b = r, 

S — T , 

c = , and 

t — s 

d = 1 . 

The cases when one of r, s, t = oo can be handled by similar considerations, 
and in each case we find the desired permutation. 

Now, suppose we choose three distinct elements r,s,t e F^ U {oo}, and 
r',s', t 1 £ Fq U {oo} are also distinct. We proved above that there is a permu- 
tation 7t/ a b \ that maps 0 to r, 1 to s, and oo to f and a permutation rt/ a i fc /\ 

\cd) Vc'rf'J 

that maps 0 to r', 1 to s', and oo to f'. Define 

/ a" b"\ fa 1 b'\ ( a b\ 1 

yc" d") ~ Vc' d’J \cd) ; 

then the permutation 7 r/ n // h u\ maps r to r', s to s', and t to t'. 

V c" d" ) 

We have shown that there is at least one permutation mapping any three 
distinct elements r, s, f to r', s', f', respectively. However, the total number 
of permutations in PGL(2, q) is t / 3 — q, so we conclude that there is exactly 
one permutation mapping any three distinct elements r, s, f to r', s', t ', respec- 
tively. Therefore, we have shown that PGL(2, q) is sharply 3-transitive. □ 

Consider PGL(2, q 2 ); this is a sharply 3-transitive group acting on the set 
X = F ^2 U {oo}. Let Y = Wij U {oo}. It is not hard to prove that stab(Y) is 
isomorphic to PGL(2, q) (acting on X). Therefore, |stab(Y)| = q^ — q, and it 
follows from Theorem 9.22 that (X, orbit(Y)) is a 3-(q 2 + 1,^ + 1, l)-design. 
This 3-design is called an inversive plane. Summarizing, we have the follow- 
ing result. 

Theorem 9.27. For all prime powers q, there exists a 3 -(q 1 + l,q + l, 1 )-design. 

Example 9.28. We construct a 3- ( 10, 4, 1) -design using Theorem 9.27. The de- 
sign consists of 30 blocks on the points F 9 U { 00 } obtained by letting PGL(2, 9) 
act on the block Z 3 U { 00 }. Using the irreducible polynomial x 2 + 1 £ Z 3 [x], 
we can construct the field F 9 = Z? : | x] / (x 2 + 1). The blocks of the resulting 
3- ( 1 0, 4, 1 ) -design are listed in Figure 9.1. 1 



9.2.2 Some 5-Designs 

We first present a construction (without proof) for a 5- (12, 6 , 1) -design that 
uses permutation groups. For an odd prime power q, the group PSL( 2, q) is 
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{ 00 , 0 , 1 , 2 }, {oo, 0, x, 2x}, {oo, 0, x + 2,2x + 1}, 

{oo, 0, x + l,2x + 2}, {oo, l,x,2x + 2}, {oo, 1, x + 2,2x}, 

{oo, 1, x + l,2x + 1}, {oo,2,x,2x + 1}, {oo,2,x + 2,2x + 2}, 

{oo,2, x + l,2x}, {oo,x,x + l,x + 2}, {oo,2x,2x + l,2x + 2}, 

{0, l,x + 2,2x + 2}, {0, l,x, x + 1}, {0, l,2x, 2x + 1}, 

{0, 2,x + l,2x + 1}, {0, 2,x, x + 2}, {0,2,2x,2x + 2}, 

{0, x, 2x + 1 , 2x + 2}, {0, x + 1 , x + 2, 2x}, {l,2,x,2x}, 

{l,2,x + l,x + 2}, { 1, 2, 2x + 1, 2x + 2}, {l,x,x + 2,2x + 1}, 

{ 1, x + 1, 2x, 2x + 2}, {2,x,x + l,2x + 2}, {2,x + 2,2x,2x + 1}, 

{x,x + l,2x,2x + 1}, {x, x + 2, 2x, 2x + 2}, {x + l,x + 2,2x + l,2x + 2}. 

Fig. 9.1. The Blocks in a 3-(10, 4, 1)-Design 



the subgroup of PGL(2, q) consisting of all the distinct permutations Ti/ a b \ 

\c d) 

such that ad — be f 0 is a quadratic residue in IF^. It can be shown that 
|PSL(2,(j)| = (q 3 — l)/2. 

Example 9.29. Let X = Fn U {oo} and let Y = {1,3, 4, 5, 9} U {oo} (note that 
Y consists of the quadratic residues modulo 11 together with oo). Applying 
the group PSL(2, 11) to Y, it can be proven that (X, orbit (Y)) is a 5-(12,6, 1)- 
design. 1 

In the rest of this section, we will present a construction for an infinite 
class of 5-designs. First, we need some preliminary results on a seemingly 
different topic. 

Let« > 2 be an integer, and let (X, A) be a projective plane of order 2". A 
hyperoval in (X,A) is a set of 2" + 2 points OCX such that \0 D A\ e {0,2} 
for all A £ A. 

Theorem 9.30. For all integers n > 2, there exists a projective plane of order 2" 
containing a hyperoval. 

Proof. We construct a projective plane of order 2” as in Section 2.3. Let V 
denote the three-dimensional vector space over the field ¥ 2 " ■ Let X consist 
of all the one-dimensional subspaces of V , and let B consist of all the two- 
dimensional subspaces of V. For each B £ B, define a block 

Ag = {x £ X : x C B}. 



Finally, define 

A = {A b :Bg B}. 

Then (X, A) is a projective plane of order 2". 

For each x £ X, choose a 3-tuple {xi,X 2 ,x B ) G x such that (xi,X 2 / * 3 ) f 
(0,0,0). Also, for each (x 1 ,x 2 /^ 3 ) G (F 2 >i) 3 such that (x 1 ,x 2 ,x 3 ) (0,0,0), 

span((xq,x 2 , x 3 )) G X is the unique point x G X such that (xq,x 2 ,x 3 ) G x (i.e., 
it is the one-dimensional subspace generated by (x 3 , x 2 , x 3 )). 
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Now, define 

O = {x £ X : x\x 2 + X2X3 + J 3 X 1 = 0} U {span((l, 1, 1))}. 

We will show that O is a hyperoval. First, we find all the points in O. Con- 
sider the equation ab + be + ca = 0, a, b, c £ If a = 0, then be = 0, so b = 0 
or c = 0. Similarly, if b = 0, then a = 0 or c = 0; and if c = 0, then a = 0 
or b = 0. This gives us three points in O: span((0, 0, 1)), span((0, 1,0)), and 
span((l, 0 , 0 )). 

We have considered all cases where at least one of a, b, c = 0. Therefore 
we can now assume a, b, c / 0. Since points are one-dimensional subspaces, 
we can assume without loss of generality that a = 1. Then c = b(b + 1) _1 . 
In order for (b + l) -1 to exist, b /I . Therefore we obtain q — 1 more points 
in O'. span((l,b,fc(fc + l) -1 )), where b ^ 0, 1. Finally, span((l, 1, 1)) £ O by 
definition, and so we have shown that there are q + 2 points in O. 

To show that O is a hyperoval, we must show that any block in the pro- 
jective plane intersects O in either zero or two points. A block can be defined 
as the solution set of a linear equation 

B d,e,f = {span ((a,b,c)) : ( a,b,c ) £ (F q ) 3 ,(d,e,f) ■ ( a,b,c ) = 0 }, 

where d,e,f £ F ? . If (d, e,f) and (, d' , e' ,f) are scalar multiples of each other, 
then they define the same block. Therefore, without loss of generality, we can 
take the first nonzero coefficient of (d, e,f) to be 1 . 

There are several cases to consider. 

1. Suppose ( d,e,f ) = (1,0,0). Then 

Bfc/OO = {span(( 0 , 1 , 0 )), span(( 0 , 0 , 1 ))}. 

2. Suppose ( d,e,f ) = (0,1,0). Then 

B d,e,f FI O = {span((l, 0 , 0 )), span(( 0 , 0, 1 ))}. 

3. Suppose ( d,e,f ) = (0,0,1). Then 

B d , e , f nO = {span((l, 0, 0)), span((0, 1,0))}. 

4. Suppose ( d,e,f ) = (1,0, 1). Then 

B d,e,f^O = {span((0, 1, 0)), span((l, 1,1))}. 

5. Suppose ( d,e,f ) = (1,0,/),/ / 0,1. Then 

Bfe/dO = {span(( 0 , l, 0 )),span((l, (/ + l) -1 ,/ -1 ))}. 

6 . Suppose ( d,e,f ) = (1,1,0). Then 

B d,e,f^O = {span((0, 0, 1)), span((l, 1,1))}. 
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7. Suppose (. d , e,f) = (1, e, 0), e / 0, 1. Then 

%,/nO = {span((0, 0, 1)), span((l, e _1 , (1 + e)" 1 ))}. 

8. Suppose ( d,e,f ) = (0,1,1). Then 

%/flO = {span((l, 0, 0)), span((l, 1,1))}. 

9. Suppose ( d,e,f ) = (0,1,/),/ / 0,1. Then 

B d,e,fAO = {span((l,0,0)),span((l,/“ 1 ,/(l +/) -1 ))}. 

10. Suppose (d,e,f) = (1 ,e,f), where e,f / 0. 

a) If e + f = 1, then 

B d,e,f^O = {span((l,l,l)),span((l,r _1 ,(l + r) -1 ))}, 

where r is the unique square root (in IF/ of e (this is why we require 
that q be even: in a finite field of even order, every nonzero field ele- 
ment has a unique square root). 

b) If e + / 1, then we form the quadratic equation 

eb 2 + (e + f + l)b + 1 = 0. 

The linear coefficient in this equation, namely e + f + 1, is nonzero, 
so this equation has either zero or two roots over I/. The roots (if 
any) determine the values of b such that span((l, b, b{b + l) -1 )) £ 
B d,e,f n O- 

The cases above exhaust all the possibilities, and the desired result is proven. 

□ 

Example 9.31. A hyperoval O in a projective plane of order 4. We begin by 
constructing the field F4 = Z2[x]/ ( x 2 + x + 1). Then the six points in O are 
as follows: 

= f span ((0,0,1)), span((0, 1,0)), span((l,0,0)), 1 

\ span((l,x, x + 1)), span((l,x + l,x)), span((l, 1,1)) J 



I 



Theorem 9.32. For all integers n > 3, there exists a 5-(2” + 2,6, 15 )-design. 

Proof. Let O be a hyperoval in a projective plane of order 2", say (X, A). For 
each point x £ X\O r define 

V(x) = {A £ A : x £ A and |A n 0\ = 2}. 

Note that each V(x) consists of 2"~ 1 + 1 blocks. Now, for x £ X\0, define 
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n x = {AnO: A G V(x)j. 

Using the fact that O is a hyperoval, it is not hard to see that each Tl x is 
a partition of O into 2" -1 + 1 2-subsets. Further, given any two disjoint 2- 
subsets in O, there is a unique Tl x that contains both of them (this follows 
because any two blocks in a projective plane intersect in a unique point). 
Now, define 

B = { A\ U A 2 U A3 : A\, Ai, A3 G Tl x , Ai ^ A 2 ^ A3 f A lf x G X\C>}. 

We claim that the pair (0,13) is a 5-(2" + 2, 6, 15)-design. To prove this, let 
X\, X2, X3, X4, X5 be five distinct points in O. There are (|) (|) /2 = 15 ways to 
choose two disjoint 2-subsets from { xj , X 2 , U, x 4 , X 5 } . Consider, for example, 
{x\, X2} and {X3, x 4 }. As stated above, there is a unique x such that {xq, xq} G 
Tl.v and { X3, x 4 } G TI. V . Then, there is a unique such that {X5, jg} G TT Y . This 

yields a block {x\, X 2 , X3, x 4 , X5, x (l } containing the five given points. 

From this argument, it is easily seen that we have a 5-(2 ,! + 2,6,15)- 
design. □ 



9.3 f-wise Balanced Designs 

We begin by defining f- wise balanced designs, which generalize the notion 
of pairwise balanced designs. 

Definition 9.33. Let t > 1 be an integer. A f- wise balanced design is a design 
(X, B) such that the following properties are satisfied. 

1 . |B| > t for all B G B. 

2 . Every subset of t distinct points is contained in exactly one block. 

Let K C {n G Z : n > t}. A t-zvise balanced design (X, B) is denoted as a t-(v, K)- 
tBD provided that |X| = v and |B| G K for all B G B. 

As a first class of examples, we observe that it is easy to construct certain 
3-wise balanced designs using the method of Theorem 9.16. 

Theorem 9.34. Suppose that v >2 is an even integer. Then there exists a 3- 
(2e,{4,p})-tBD. 

Proof. Use the same construction as in the proof of Theorem 9.16, but retain 
X and Y as two blocks of size v. □ 

Next, we give an elegant construction for certain 5-wise balanced designs. 

Theorem 9.35. For all integers n > 4, there exists a 5-(2", {6, 8})-tBD. 
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Proof. Let X = (Z2)". Define 

Yl=<YCX:|Y|=6 and £ x = ( 0 ,. . ., 0 ) 

[ xeY 

Let B consist of all three-dimensional subspaces of (Z2)™ and all their ad- 
ditive cosets (recall that the blocks in B are called flats). Observe that a flat 
has the form a + span(u, v, w), where a, u, v, w € (Z2)”; u, v, w are linearly 
independent; and span(u,v,w) denotes the subspace spanned by u, v, and 
w. 

We will show that (X, A U B) is a 5 -( 2 ", {6,8})-tBD. Let xi, X2, X3, X4, X5 
be five distinct vectors in (Z2)' 1 . Define x 6 = xj + X2 + X3 + X4 + X5. If x 6 is 
distinct from X\, X2, X3, X4, X5, then {xx,X2,X3,X4, X5, xg} is a block in Yl that 
contains xx,X2,X3,X4,X5. Suppose that x^ € {xi,X2,X3,X4,xs}. Without loss 
of generality, suppose that X5 = x (v Then xj + X2 + X3 + X4 = 0 and hence 
X4 = X4 + X2 + X3. It is not difficult to check that 

x 5 + span(xi + x 5/ x 2 + x 5/ x 3 + x 5 ) 

is a flat of dimension three (i.e., a block in B) that contains X4,X2,X3,X4,X5. 
This is easy to verify since 



span(xi + x 5 ,x 2 + x 5 ,x 3 + x 5 )\{(0, . . . ,0)} 

= {X! + x 5 , x 2 + x 5 , x 3 + x 5 , Xx + x 2 , x 2 + x 3 , X 1 + x 3 , x 4 + x 5 }. 

At this point, we know that every set of five points occurs in at least one 
block. We need to check that no set of five points occurs in more than one 
block. Equivalently, we need to show that no two blocks intersect in more 
than four points. 

Clearly no two blocks in A intersect in more than four points since two 
blocks in A that intersect in five points would be identical. The intersection of 
two blocks in B is a flat and therefore cannot contain more than four points, 
so we need only to consider the intersection of a block in A £ A with a block 
in B £ B. Since B is a flat, the sum of an odd number of vectors in B is a 
vector in B. This means that \A f~l £>| / 5 since any vector in A is the sum of 
the other five vectors in A. The only remaining possibility is that A C B. Now 
the sum of all the vectors in B is ( 0 , . . . , 0 ), as is the sum of all the vectors in 
A. This means that the sum of the two vectors in B\ A is also ( 0 , . . . , 0 ), which 
implies that they are equal. This is a contradiction, and we conclude that we 
have constructed a 5 -wise balanced design. □ 

9.3.1 Holes and Subdesigns 

Definition 9 . 36 . Let t >lbe an integer. An incomplete f-wise balanced design 
is a triple (X, Y, B) such that the following properties are satisfied. 
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1. X is a set of elements called points. 

2. Y C X is called the hole. 

3. B is a set of subsets ofX called blocks such that \B \ > tfor all B e B. 

4. No block contains t points from Y. 

5. Every subset of t points Z C X such that Z <2 Y is contained in exactly one 
block. 

Let K C fn G Z : n > f}. An incomplete t-wise balanced design ( X,Y,B ) is 
denoted as a t-(v,h,K)-\tBD provided that |X| = v, |Y| = h, and |B| G Kfor all 
B , B. 

Example 9.37. Corollary 7.4 shows how to construct a (2z; — 1, {3, v — 1})-PBD 
having exactly one block of size v — 1 whenever v > 4 is an even integer. If the 
block of size z? — 1 is taken to be the hole, then we have a 2-(2v — 1, v — 1, {3})- 

ItBD. I 

Observe that a t-(v, h, X)-ltBD is the same thing as a t-(v, X)-tBD when 
0 < h < t — 1. When h > t, we have the following result. 

Lemma 9.38. Suppose there is a t-(v,h,K)-\tBD, where h > t. Then there is a t- 
(v,KU {7z})-tBD. 

Proof. Let ( X,Y,B ) be a t-(v,h,K)-\tBD. Define C = BU{Y}. Then (X,C) is a 
t-(v,K\J {/z})-tBD. □ 

Holes can sometimes be filled in with t- wise balanced designs, as is 
shown in the following lemma. 

Lemma 9.39 (Filling in Holes). Suppose there exists a t-(v,h,K)-\tBD and a t- 
(/*,.K)-tBD. Then there exists a t-{v, X)-tBD. 

Proof. Let ( X,Y ,B ) be a t-(v,h,K)- ItBD and let ( Y,C ) be a t-(h,K)- tBD. Then 
it is easy to see that (X, B U C) is a t-(h, X)-tBD. □ 

Suppose that (X,B) is a t-(v, K)-tBD, and suppose further that Y C X 
and C C B. Then ( Y,C ) is a subdesign of (X, B) provided that (Y, C ) is itself a 
t-(h,K)- tBD, where h = |Y|. Any block of a t- wise balanced design yields a 
subdesign. Subdesigns consisting of more than one block are more interest- 
ing, however. 

Observe that Lemma 9.39 creates an incomplete t-wise balanced design 
that contains a subdesign, (Y, C). The following lemma is a type of converse 
result. 

Lemma 9.40. Suppose that (X,B) is a t-(v r K)-tBD and (Y,C) is a subdesign. De- 
fine V = B\C. Then (X,Y,V) is a t-(v,h,K)-\tBD, where h = |Y|. 

In the rest of this section, we find some necessary conditions for the exis- 
tence of certain incomplete f-wise balanced designs. 
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Theorem 9.41. Suppose that t,k,li, and v are positive integers such that 2 < t < 
k <h < v. In a t-(v, h, {fc})-ltBD, say (X, Y , B), the number of blocks disjoint from 
the hole is exactly 



, , „ M (-!)'(?) ((H) - (?:')) 

a(t, v, h, k) = Y, - 

i=o l t-i) 



Proof. The proof is similar to the first part of the proof of Theorem 9.7. For 
any y <E Y, define 

B y = {B&B-.y& B}. 

Then, for any Yq C Y such that Yq = i < t, it is easy to see that 



n*» 

yeY 0 



(£!) - (t=D 

(tD 



Applying the principle of inclusion-exclusion, as in the proof of Theorem 9.7, 
the desired result is obtained. □ 



Corollary 9.42. Suppose that t,k,h, and v are positive integers such that 2 < t < 
k <h < v. If a t-(v,li, {k})-\tBD exists, then a(t,v,h / k ) > 0. 



Corollary 9.42 can be used to prove some useful necessary conditions. 
The first interesting case is t = 2, which can easily be analyzed. We have the 
following: 



a( 2, v, h,k ) 



f- 


■!)'(?) ((K) - 


L—l 

1=0 


(£) 


©- 


( 2 ) h(v-h) 


(£ 


) k-1 


v — h 
k- 1 


( v + h - 1 ' 

k " 



(h—i 

\2-i 



Therefore it follows that a(2,v,h,k ) > 0 if and only if v > h(k — 1) + 1, and 
we obtain the following well-known result by applying Corollary 9.42. 

Theorem 9.43. Suppose that k, h, and v are positive integers such that 2 < k < 
h < v. If a 2-(v,h, {k})-ltBD exists, then v > h(k — 1) + 1. 

We observe that the 2-(2v — 1, v — 1, {3})-ltBDs, which were constructed 
in Example 9.37, meet the bound of Theorem 9.43 with equality. 

Another case that can be solved is when t is even and k = t + 1 . First, we 
rewrite the function a(t,v,h,k) and apply a certain binomial identity. For a 
positive integer x > k, define 
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Vf-iJ 



/— 0 



Then it is clear that a{t, v, h, k) = b(t, k, h, v) — b(t, k, h, h). We study the func- 
tion b a bit further. 

Using the fact that 

(d) (»~k) 



we have that 



b(t,k,h,x) = ^ 
i=0 



(f:;) O ' 






(tit) 



= 7% £(-!)" 

U-fJ ;=o 



; //l\ (x — i 
i ) \x — k 



Now we can apply a binomial identity, which we state without proof. 



/— 0 



h\ ( x — i 



i ) \x — k 

From (9.4) and (9.5), it follows immediately that 



x — h 
k 



(9.4) 



(9.5) 



1 



b(t,k,h,x) = -—t- 

(: k-i ) 



'* ,a -d-i)'('; 

i=t 



X — U 

i I \ x — k ) 



We apply the results above when A: = f + 1 and f is even: 



b(t, f + 1 ,h,x) = 



1 ( (x-h\ tU 1 



x — t 

1 



IWi 



-D-D't- 

i=t 



X — l 



x — h\ (h 



x-t V W + l 






(x — f) + 



i J \x — t — 1, 
h 

f + 1, 



Now we can compute the function a(t, v,h,t+ 1) (when f is even) as follows: 



a(t,v,h, t + 1) = b(t, t + - b(t, t + 1 ,h,h) 



1 / fv — h 



v-t \\t + lj \t 

1 f (h 



(v — t) + 



h 

f + 1 



h-t 



(h - f) + 



h 

f + 1 



1 fv — h\ 



v — t \t + 1 
1 ( fv — h 



h 



1 



1 



f + 1/ \v — t h — f 
^ h \v — h 
v-t Wf + i; ~~ V + V h - * 



Then it is easily seen that a(t,v,h,t + 1) > 0 if and only if 
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(u — h — 1) x • • • x (v — h — t) > h x • • • x (h — t + 1). 

This is true if and only if v > 2h + 1 . 

Applying Corollary 9.42, we have the following result. 

Theorem 9.44. Suppose that t,h, and v are positive integers such that t + 1 < h < 
v, and suppose that t is even. If a t-(v,h, {t + l})-ltBD exists, then v >2 h + 1. 

We can obtain a slightly stronger result when t > 3 is odd. 

Theorem 9.45. Suppose that t,h, and v are positive integers such that t + 1 < h < 
v, and suppose that t >3is odd. If a t-(v, h,{t + l})-ltBD exists, then v > 2 h. 

Proof. Suppose that (X, Y , B) is a t-(v,h, {t + l})-ltBD with t > 3, t odd. Let 
y € Y. Then 

(X\{y},Y\{y},{B\{y} : y G B G B}) 

is a (f — l)-(z; — 1 ,h — 1, {f})-ltBD. Applying Theorem 9.44, we have that v — 
l>2(h-l) + l,orv>2h. □ 



9.4 Notes and References 

For more information on the topics described in this chapter, see Kramer [70], 
Kreher [72], and Colbourn and Mathon [31], all of which are sections in "The 
CRC Handbook of Combinatorial Designs". 

Steiner quadruple systems of all possible orders were shown to exist by 
Hanani [56]. A very readable proof of this difficult result can be found in 
Chapter 7 of "Design Theory" by Lindner and Rodger [77]. Hartman and 
Phelps [58] is a useful survey on Steiner quadruple systems. 

Theorem 9.8 is due to Wilson [120]. The proof we give is from Cameron 
[19]. Theorem 9.27 is due to Witt [124]. 

The proofs of Theorems 9.14 and 9.32 are due to Lonz and Vanstone; their 
techniques are discussed further by Jungnickel and Vanstone in [66] and [67], 

The construction of simple /-designs with t > 3 has been a problem of 
ongoing interest. There are quite a number of results for t = 3, but relatively 
little is known for t > 4. It is known that such designs exist for all t; this is 
a famous result of Teirlinck [108]. The existence of a f-design with t > 6 and 
A = 1 is currently unknown, however. 

Theorem 9.35 is unpublished work due to Wilson; the construction is pre- 
sented in Kramer [69]. In 1983, Kramer [69] conjectured the results that we 
stated as Theorems 9.44 and 9.45. These theorems were proven by Kreher 
and Rees in 2001 [73]. 
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9.5 Exercises 

9.1 A t-(v,k, A)-design, say (X,A), is said to be a graphical t-design if X 
consists of the edges of a complete graph K n (i.e., all the 2-subsets of a 
w-set, where v = (j)) and A is formed by taking all subgraphs of K n 
that are isomorphic to one of the graphs in a set Q of specified sub- 
graphs of K n . 

(a) Suppose that v = 15, n = 6, and 

Q = {{ 12,34, 56},{12, 13,23}}. 

Prove that the result is a graphical 2- ( 15, 3, 1) -design (i.e., a 
(15, 3, 1)-BIBD). 

(b) Suppose that v = 10, n = 5, and 

g = { { 12, 13, 14, 15}, {12, 13, 23, 45}, { 12, 23, 34, 14} } . 

Prove that the result is a graphical 3-(10, 4, l)-design. 

9.2 Assuming that a 5-(12, 6, l)-design exists, compute the values A'J for all 
i, j such that i + j <5. 

9.3 Construct a 1-(14, 6, 3)-design. 

9.4 Theorem 9.14 describes how to construct a 3-(v, 4, 3)-design from a re- 
solvable (v, 2, 1)-BIBD, say (X, A). Let TT | , . . . , TI r ,_ i denote the paral- 
lel classes in this BIBD, and denote by (X, B) the resulting 3-(v, 4, 3)- 
design. Prove the following assertions: 

(a) For any i ^ j, TT, U TT, consists of disjoint cycles that partition X. 

(b) The length of any cycle in any union IT/ U TT ; is an even integer 
that is > 4. 

(c) (X, B) is a simple 3-(v, 4, 3) -design if and only if there is no cycle 
of length four in any union IT,- U TT, . 

9.5 Suppose there is an SQS(v). Prove that there is a 3-(2v, {z?,4})-tBD. 

9.6 Suppose there is a 3-(v, {4, 6})-tBD. Prove that there is a 3-(2v, {4, 6})- 
tBD. 

9.7 Use the existence of hyperovals to establish the following. 

(a) Prove that there is a 2-(2 2 " — 1, {2" + 1, 2" — l})-tBD for all inte- 
gers n >2. 

(b) For all integers n >2 and all integers i such that 1 < i < 2" + 1, 
prove that there is a 2-(2 2,! + 2" + 1 - i, {2 n + 1,2", 2” - l})-tBD. 

9.8 Let m > 2 be an integer, and let (X, A) be a projective plane of order 
m. Suppose that O C X is a set of points such that O n A <2 for all 
A £ A. Prove the following. 

(a) \0\ <m + 2. 

(b) If |0| = m + 2, then \OC\A\ e {0,2} for all A e A. 

( c ) If \0\ = m + 2, then m is even. 

9.9 We outline a proof that the identity (9.5) holds. The proof uses the fol- 
lowing two simpler identities: 



n 



i — h — 1 
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and 




Remark: You are not asked to prove these two identities. However, we 
note that (9.6) follows easily from the definition of a binomial coeffi- 
cient, and (9.7) is a classical result known as the Vandermonde convolu- 
tion formula. 

Assuming that (9.6) and (9.7) hold, prove that (9.5) holds as follows: 
. replace (*:{) by (£!), 

• apply (9.6), 

• apply (9.7), and finally 

• apply (9.6). 

9.10 Prove that a 2-(v,h, {k})-ltBD with v = h(k — 1) + 1 exists if and only 
if a resolvable (v — h,k — 1, 1)-BIBD exists. 
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Orthogonal Arrays and Codes 



10.1 Orthogonal Arrays 

We defined orthogonal arrays in Section 6.5. We give a more general defini- 
tion now. 

Definition 10.1. Let t,v,k, and A be positive integers such that k > t > 2. A t- 
(v,k, A) orthogonal array (denoted t-(v,k, A)-OA) is a pair (X, D) such that the 
following properties are satisfied. 

1. X is a set ofv elements called points. 

2. D is a Av f by k array whose entries are chosen from the set X. 

3. Within any t columns of D, every t-tuple of points is contained in exactly A 
rows. 

An orthogonal array (X, D) is a simple orthogonal array if all the rows in D 
are different (i.e., D does not contain "repeated roivs"). An orthogonal array (X, D ) 
is a linear orthogonal array if X = F^ for some prime power q and the rows of 
D form a subspace (of the vector space (F q) k ) having dimension log^ \D\. It is clear 
from the definitions that a linear orthogonal array is necessarily simple. 

We already defined a special type of orthogonal array in Section 6.5; an 
OA (k, n) (as defined in Section 6.5) is the same thing as a 2-(v,k, l)-OA. That 
is, the previous definition is just the special case t = 2 and A = 1. 

We have defined orthogonal arrays using array notation. Each row of an 
orthogonal array D is a fc-tuple. It is possible to define an orthogonal array to 
be the collection (or multiset) of ^-tuples formed from the rows of D. We will 
sometimes use this alternative viewpoint, particularly when we consider the 
connections with codes in later sections of this chapter. 

We illustrate the definition above with a simple construction for certain 
orthogonal arrays from Hadamard matrices. 

Theorem 10.2. Suppose there exists a Hadamard matrix of order Am. Then there 
exists a 2-(2,4 m — 1, m)- OA. 
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Proof. Let H be a standardized Hadamard matrix of order 4wz (see Section 
4.1). Delete the first row of H, and then transpose this array to form a Am by 
Am — 1 array, D. It is easy to see that D is the desired orthogonal array using 
the counting arguments from the proof of Theorem 4.4. □ 



Example 10.3. A 2-(2, 7, 2)-OA constructed from the Hadamard matrix of or- 
der 8 presented in Example 4.6. 



/ 111111 1\ 

1 1 1 -1 -1 -1 -1 
1 - 1-1 1 1-1 -1 

1 -1 -1 - 1-1 1 1 

-1 1-1 1-1 1 -1 

-1 1 - 1-1 1-1 1 

- 1-1 1 1 -1 -1 1 

\ 1 — 1 1-1 1 1-1/ 



I 

The following important construction enables orthogonal arrays to be 
constructed for a wide variety of parameter situations. 

Theorem 10.4. Let t and n be positive integers, and let q be a prime power. Let M 
be an £ by n matrix of elements from F^ szzc/z that every set oft columns of M is 
linearly independent. Define D to be the q l: by n matrix zvhose rows consist of all the 
linear combinations of the rows of M. Then (F^, D) is a linear t-(q, n, A)-OA, where 
A = q e ~ { . 

Proof. Choose t columns of D, say the ones labeled c\, . . . , ct ■ Let (t/i, . ..,yf) 
be an arbitrary f-tuple of elements of F 1? . We want to determine the rows i of 
D such that D(i, cj) = yj for 1 < j < t. 

A row of D is constructed as r M, where r = (j\, ... ,re) G (F i; ) f . Let c ; 
denote the jth column of M for 1 < j < n. We want to determine all vectors 
r such that 

ic ij = x Jij * 1 < ; < t. (io.i) 

The column vectors c ( | , . . . , c !( are linearly independent by assumption. There- 
fore, (10.1) is a system of t independent linear equations in £ unknowns, and 
it has a solution space of dimension £ — t. The number of solutions r is q‘ " 
as desired. □ 

We present a couple of important corollaries of Theorem 10.4. 

Corollary 10.5. Let £ >2 be a positive integer, and let q be a prime power. Then 
there exists a 2-{q, (q e — 1 )/(q — l),q e ~ 2 )-OA. 
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Proof. Excluding the zero vector, there are q ( — 1 distinct ^-tuples of elements 
of Each P tuple has q — 1 nonzero scalar multiples, so the q‘ 1 nonzero 

vectors are partitioned into (q e — 1 )/(q — 1 ) subspaces each of dimension 
equal to one. Arbitrarily pick one vector from each subspace, and let these 
vectors be the columns of M. Then apply Theorem 10.4. □ 

When we take f = 2 in Corollary 10.5, we get a 2-(q, q + 1, l)-OA. This is 
equivalent to the projective plane P G 2 f C j . 

Example 10.6. Suppose we take q = 5 and l = 2 in Corollary 10.5. Each pair 
of columns of the following 2 x 6 matrix is linearly independent over Z 5 : 

fO 1 1 1 1 1\ 

^1 0 1 2 3 4 J ' 

Applying Theorem 10.4, the following 2-(5, 6 , l)-OA is obtained: 

/ 000000 \ 

0 11111 
0 2 2 2 2 2 
0 3 3 3 3 3 
044444 
10 12 3 4 

2 1 2340 

3 2 340 1 
4340 1 2 
040 1 2 3 
2024 1 3 
3 1 3 0 2 4 
424 1 3 0 
0 3 0 24 1 
14 13 0 2 



40432 1 
0 1 043 2 
12 1043 
2 3 2 1 0 4 
\343210/ 

I 

Corollary 10.7. Let t > 2 be an integer, and let q be a prime power. Then there 
exists a t-(q, q, l)-OA. 

Proof. For every x G F ? , construct the vector x = (1, x, x 2 , . . . , x^ 1 ) G (F^) f . 
Transpose these q vectors to form the columns of M. Therefore M has the 
following form: 
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( 1 



M = 



X\ x 2 

2 2 
X\ X 2 



J 3 

X 3 2 



\xi f 1 x 2 l 1 xf 1 



1 \ 



f-1 



where X\, ■ ■ ■ ,x q are the q distinct elements of F q . 

In order to apply Theorem 10.4, we need to show that any t of the vectors 
x are linearly independent. Suppose that this is not the case. Then there exists 
a f x f submatrix of M, say Mo, whose columns are linearly dependent. Mo 
has the form 



M 0 



/ 1 1 1 ••• 1 \ 

Vi yi y 3 • • • yt 

2 2 2 2 
yi yi y?r ■■■ ye , 



\ „ f-i „ f-i 1( t-i „ f-i / 

\yi 3/2 y 3 • • • !/f / 



where y\,...,yt are t distinct elements of TF (? . 

If the columns of M (l are linearly dependent, then the rows of Mo are also 
linearly dependent. Therefore, there exist a \, . . . , at £ F^, not all equal to 0, 
such that (a . . . , flf )M q = ( 0 , . . . , 0). Define the polynomial 



a(x) = «i + a 2 x + • • • + a t x f 1 ; 



then a(yj) = 0 for 1 </'<*• This means that the degree f — 1 polynomial f?(x) 
has t roots in the field IFy, which is impossible. This contradiction establishes 
the desired result. □ 



Example 10.8. A 3-(5,5, l)-OA. The matrix M described in Corollary 10.7 is as 
follows: 

/ 1 1 1 1 1 \ 

M= 0 1234 . 

\0 1 44 1/ 

The 125 rows that are the linear combinations (over Z5) of the three rows of 
M comprise the desired orthogonal array. I 

The constructions above all yield linear orthogonal arrays. Here is a con- 
struction for orthogonal arrays that makes use of quadratic, instead of linear, 
functions. 

Theorem 10.9. Let q be an odd prime power. For a,b € F^, define f a ^ '■ F ? — > F, ; 
by the ride 

fa,b(x) = (x+a) 2 + b. 

Then the q 2 by q array D = (dqj), where dqj = f a ,b(j ) ft = ( fl / b) C (I 5 ^) 2 , j £ F^l, 
is a 2-(q, q, l)-OA. 
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Proof. Let X\,x 2 G (where X\ x 2 ) and let y 1 , 1/2 € F^. We want to show 
that there is exactly one ordered pair ( a,b ) € (F, ; ) 2 such that 

(*i + a) 2 + b = \j x 



and 



(x 2 + a) 2 + b = y 2 . 

Subtracting the two equations, we can solve uniquely for a: 

= j/i - 3/2 _ M + x 2 

2{x\ — x 2 ) 2 



Then, given a, we obtain a unique solution for b. □ 

Example 10.10. The following 2-(3, 3, l)-0Ais constructed using Theorem 10.9. 





0 


1 


2 


fo,o 


0 


T 


T 


fo,l 


l 


2 


2 


fo,2 


2 


0 


0 


/l,0 


1 


1 


0 


/u 


2 


2 


1 


/l,2 


0 


0 


2 


h,o 


1 


0 


1 


h,\ 


2 


1 


2 


h,2 


0 


2 


0 



/ 0 1 1 \ 
1 2 2 
200 
1 1 0 
2 2 1 
002 
1 0 1 
2 1 2 
\0 2 0j 



This orthogonal array is not linear. This can be seen, for example, by observ- 
ing that the sum of the first two rows (modulo 3) is (1,0,0), which is not a 
row of the array. S 

Finally, we give a powerful nonconstructive existence result for orthogo- 
nal arrays. 

Theorem 10.11 (Gilbert- Varshamov Bound). Let t, t and n be positive integers 
such that 2 < t < i, arid let qbe a prime poiver. Suppose that 



e(V)(?-i )! ’<^ (10 - 2) 

i=o V 2 

Then there exists a linear t-(q, n, A)-OA, where A = 

Proof. We will prove that there exists an i by n matrix, say M, satisfying 
the hypotheses of Theorem 10.4 whenever (10.2) holds. Suppose that Mp is 
the £ by £ identity matrix. It is clear that any t columns of Mp are linearly 
independent. 
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Now suppose that My is an £ by j matrix having entries from such that 

any subset of f columns of My is linearly independent. The number of linear 
combinations of at most t — 1 columns of My is 

KO"- 1 ’ 1 - 

(Note that not all of these linear combinations necessarily yield distinct vec- 
tors.) There are q 1 possible column vectors of length t. Therefore there is a 
column vector, say c, such that c is not one of these linear combinations, pro- 
vided that 

E (T) o? - !)' < ( 10 - 3 ) 

i = o W 

Then we can construct the matrix My + \ by adjoining the column vector c 
to Mj, and My + i again satisfies the property that any subset of t columns is 
linearly independent. 

We assumed that (10.2) holds, which implies that (10.3) is true for j = 
£, i + 1, . . . , n — 1. This means that we can construct matrices My, . . . , M„ sat- 
isfying the required properties, and the matrix M„ is the desired matrix M. 

□ 



10.2 Codes 

Definition 10.12. A code is a pair ( Q,C ) such that the following properties are 
satisfied. 

1. Q is a set of elements called symbols. 

2. C is a set ofn-tuples of symbols called codewords (i.e., C C Q"), where n > 1 
is an integer. 

If Q = F 2 , then a code ( Q,C ) is called a binary code. 

The concept of "distance" is fundamental to the study of codes. We give 
several relevant definitions now. 

Definition 10.13. Let ( Q,C ) be a code, where C C Q n . For x, y e Q", define the 
Hamming distance between x and y to be 

d(x,y) = \{i : Xi^iji}\, 

where x = (x\, . . .,x n ) and y = (yj\, . . . ,y n ). 

The distance of the code ( Q,C ), denoted d (C), is the smallest positive integer d 
such that d(x, y) > d for all x,y6C,x/y. 

( Q,C ) is an (n, M, d, q)- code if the following properties are satisfied: 

1- |Q| = q. 




2. CC Q", 

3. \C\ = M, and 

4. d(C) > d. 
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For future reference, we record some basic facts about the Hamming dis- 
tance. 

Lemma 10.14. For all x,y,z € X", the following properties hold: 

1. d(x,y) = d(y, x), 

2. d(x,y) = 0 if and only ifx = y, and 

3-d(x,y) < d(x, z) + d(y, z) (this is known as the triangle inequality). 

Now we define linear codes. 

Definition 10.15. A code ( Q,C ) is a linear code of dimension m if Q = HP q for 
some prime power q and C is an m-dimensional subspace of the vector space (F, ; )”. 
The dual code of a linear code ( Q,C ) is the code (Q,^), where 

C 1 = {y € (F : x-y = 0 for all xe C}. 

(As usual, "x ■ y" denotes the inner product over F 1? of the two vectors x and y. 
The subspaces C and C 1 are called orthogonal complements of each other.) Then 
(Q,^) is a linear code of dimension n — dim(C). 

Suppose that x e (F 1? )". Define the weight of x to be 

wt(x) = | {i:Xif 0}|, 



where x = (x\, . . . , x n ) . 

Lemma 10.16. Suppose (F q,C) is a linear code, where C C (F^)". Then 

d(C) = min{wt(x) :x€C,x / (0, . . .,0)}. 

Proof. Denote wt(C) = min{wt(x) :xgC,x/(0,...,0)}. Let x,y G C be two 
codewords such that d(x, y) = d(C). The vector x — y e C because C is linear, 
and wt(x — y) = d(x, y) = d(C). Therefore wt(C) < d(C). 

Conversely, let x € C be a codeword such that wt(x) = wt(C). The vector 
(0, . . .,0) G C because C is linear. Then d(x, (0, . . .,0)) = wt(x) = wt(C), so 
d(C) < wt(C). □ 

Theorem 10.17. Suppose that C C (F^)" is a linear code of dimension m. Then 
(F q,C) is an (n,q m ,d,q)-code if and only ifC x is a (linear) (d — l)-(q,n,A)-OA, 
where A = q n ~' n ~ d+1 . 
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Proof. Suppose that (F i; ,C) is a linear (n,q m ,d,q)- code. Clearly C 1 is a sub- 
space having dimension n — m; we will show that it is an orthogonal array. 
Let D be a basis for C 1 , and write the vectors in D as an n m by n matrix. 
We will prove that D satisfies the conditions of Theorem 10.4, and hence it 
will follow that C 1 is an orthogonal array with the stated parameters. 

Suppose that there exist e < d — 1 columns of D that are linearly depen- 
dent, and therefore there exists a dependence relation of the form 



e 



E a ^ = 

7 — 1 



( 0 ,..., 0 ) T , 



where Cj, . . . , c„ are the columns of D. Define a vector x = (x. \ , . . . ,x n ) as 



follows: 



Xh 



«/ ; if h = ij for some j 
0 otherwise. 



Then x • r = 0 for every row r of D and hence x £ C. However, wt(x) = e < 
d(C), which contradicts Lemma 10.16. 

Conversely, suppose that C L is a linear (d — l)-(q, n,A)-OA, where A = 
qtt-m-d+i i m pli es that C has dimension n — m, and hence C has di- 
mension m. Let D be a basis for C 1 ; then D has n — m rows when it is written 
as an array. 

We will prove that the minimum distance of C is at least d. If not, then 
there exists a vector x e C such that 0 < wt(x) < d — 1. Suppose that the 
nonzero entries of x occur in coordinates i \, . . . , i e , where e = wt(x). Clearly 
x • y = 0 for every row y £ D. When C 1 is viewed as an orthogonal array, it 
follows that 

E = 0 

;=i 



for every row y. In other words, in every row of C 1 , the entries in columns 
i\, . . . , i e satisfy a linear dependence relation. This means that it is impossible 
that every e-tuple of symbols occurs in a row of C 1 - within the e columns 
under consideration. Therefore C 1 is not a (d - 1 )-(q, n, Aj-OA, which is a 
contradiction. This contradiction proves that the minimum distance of C is at 
least d. □ 



Example 10.18. Consider the linear 3-(5, 5, l)-OA presented in Example 10.8. 
The following three vectors in (Z 5) 3 form a basis of this orthogonal array: 
(1,1, 1,1,1), (0,1, 2,3, 4), and (0,1, 4, 4,1). Using standard techniques from 
linear algebra, it is not hard to determine a basis for the orthogonal comple- 
ment; the vectors (4, 3, 2, 1, 0) and (2, 3, 4, 0, 1 ) form one such basis. The code 
generated by these two vectors is a (5, 25, 4, 5)-code. 1 
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10.3 Bounds on Codes and Orthogonal Arrays 

In this section, we present a few bounds on codes and orthogonal arrays and 
give some constructions that meet these bounds. 

Theorem 10.19 (Singleton Bound). Suppose that C is an (n, M, d, q)-code. Then 
M < q n ~ d+1 . 

Proof. Suppose that M > q n ~ d+1 . Then, by the pigeonhole principle, there 
exist two codewords x,y € C such that Xj = i/ ( for all i such that 1 < i < 
n — d + 1. Then d(x, y) <n — (n — d + l)=d — l. □ 

Theorem 10.19 can be restated as an upper bound on the distance of a 
code, as follows. 

Corollary 10.20. Suppose that C is an ( n , M, d, q)-code. Then d <n + 1 — log i; M. 

Orthogonal arrays with A = 1 turn out to be equivalent to codes that meet 
the Singleton Bound with equality. 

Theorem 10.21. An (n, M, d, q)-code in which M = q n ~ d+1 is equivalent to a t- 
(q, n, l)-OA in which t = n — d + 1. 

Proof. Suppose that (X, D) is any t-(q,n, l)-OA. Construct a code (X,C) by 
taking the q l rows of D to be the codewords in C. We will prove that (X, C) is 
an (n, q\ n — t + 1, q)- code, as follows. Suppose that d(C) < n — t. Then there 
exist two codewords x, y £ C such that the entries of x and y are the same 
in at least t columns. Within these t columns, the corresponding rows of D 
are identical, which contradicts the assumption that A = 1 in the orthogonal 
array (X, D). 

Conversely, suppose that (X,C) is an (n,M,d,q)- code in which M = 
qti-d+l c ons truct an M x n array, D, by taking the codewords in C to be the 
rows of D. Consider the restriction of D to any subset of n — d + 1 columns. 
The q"~ d+1 (n - d + l)-tuples obtained from the rows of D in this restric- 
tion must all be different (as in the proof of Theorem 10.19). Since there are 
qti-d+l different (« — d + l)-tuples, it follows that every possible (n — d + 1)- 
tuple occurs in exactly one row of D in this restriction. Because this property 
holds for all possible subsets of n — d + 1 columns of D, it follows that D is 
an (n — d + l)-(q, n, l)-OA. □ 

A code in which the Singleton Bound is met with equality is called a max- 
imum distance separable code (or MDS code). Theorem 10.21 establishes that 
MDS codes are equivalent to orthogonal arrays with A = 1. Since we have 
already constructed various families of orthogonal arrays with A = 1, we can 
translate these results into the language of codes. For example, from Corol- 
lary 10.7, we can state the following result. 
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Corollary 10.22. Let t > 2 be an integer, and let q be a prime power. Then there 
exists an (MDS) (q, qf q — t + 1, q)-code. 

The codes obtained in Corollary 10.22 are commonly known as Reed- 
Solomon codes. 



Theorem 10.23 (Sphere-packing Bound). Suppose that (X,C) is an ( n,M r d,q )- 
code. Then 



M < 



n=o (")(? -i)'" 



where e = \f^r-\- 



Proof. Suppose x e X" . Define the sphere with center x and radius e to be the 
following set of vectors, denoted S(x, e): 



S(x, e) = {y e X" : d(x, y) < e}. 



It is not hard to see that 



|S(x,e)| = t(")(q-iy. (10.4) 

i = 0 k / 

We next prove that S(x, e) n S(y, e) = 0 if x,y € C, x y. Suppose 
z € S(x,e) n S(y,e). Then d(x,z) < e and d(y, z) < e. Applying the Trian- 
gle Inequality (Lemma 10.14), we see that 

d(x,y) < d(x, z) + d(y,z) <2 e < d. 



This contradicts the fact that d(C) > d. 

Now consider all the spheres S(x, e), x £ C. These spheres are mutually 
disjoint, and all of them are contained in the set X", which consists of q” 
vectors. Applying (10.4), the following is immediate: 



?">ME 

1=0 



(q-iy. 



Thus the desired result is proven. □ 

A code in which the Sphere-packing Bound is met with equality is known 
as a perfect code. We are easily able to construct infinite families of perfect 
codes with distance 3 using results we have already established. 

Theorem 10.24. Let l >2 be a positive integer, and let q be a prime power. Then 
there is a perfect (n,q m ,3,q)-code in which n = (q e — l)/(q — 1) and m = n — l. 
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Proof. Corollary 10.5 shows there is a linear 2-(q, (cf — l)/(q — l),q l ^ 2 )-OA 
for the stated values of £ and q. Consider the code that is the orthogonal 
complement of this orthogonal array, as described in Theorem 10.17. This 
code has distance 3, and m can be computed from the equation 



r = 



/\q 2 q 



The fact that the code is perfect is a simple computation: 



1 



E 




1 + n(q - 1) = q l , 



and hence 



l 



rL 



(”)(<? -iy = q m+t 



= q 



□ 



The codes constructed in Theorem 10.24 are known as Hamming codes. 
When q = 2, a Hamming code is a (2 f — 1, 2 2 ~ l ~ 1 , 3, 2)-code. This is the 
binary Hamming code. It turns out that the vectors of weight three in a binary 
Hamming code yield a Steiner triple system, which we prove now. 

Theorem 10.25. Suppose that C are the vectors in a ( 2 e — 1, 2 2< ~^~ 1 , 3, 2 )-code. 
Form a matrix M whose columns consist of all the codezvords ofzveight three. Then 
M is the incidence matrix of a (2 1 — 1, 3, 1)-BIBD. 

Proof. Let C3 denote the set of codewords in C that have weight three. Each 
codeword in C3 yields a column vector that corresponds to a block in the set 
system having incidence matrix M. This set system therefore consists of \C$\ 
blocks, each having cardinality equal to three. 

It suffices to show that every pair of points in the set system is contained 
in a unique block. A pair of points corresponds to a column vector, say u 7 , of 
weight two. The code C is perfect, so the spheres of radius 1 whose centers are 
the codewords in C partition the space {0, 1}" (where n = 2 ' — 1 ) . Therefore 
there is a unique x £ C such that u € S(x, 1). We have that wt(u) = 2, wt(x) > 
3 or wt(x) = 0, and d(u, x) < 1. It follows that wt(x) = 3. Therefore the pair 
having incidence vector u occurs in the unique block having incidence vector 
x, and the proof is complete. □ 

Example 10.26. Suppose we take £ = 3. The corresponding Hamming code 
is a (7, 16, 3,2)-code. This code is the dual of the linear orthogonal array ob- 
tained from the matrix 

/I 0 0 0 1 1 1\ 

M = 0101101. 

\0 011011/ 
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The code therefore consists of the following 16 vectors: 



( 0 , 0 , 0 , 0 , 0 , 0 , 0 ) ( 0 , 1 , 1 , 1 , 0 , 0 , 0 ) 

( 1 , 1 , 0 , 0 , 1 , 0 , 0 ) ( 1 , 0 , 1 , 1 , 1 , 0 , 0 ) 

( 1 , 0 , 1 , 0 , 0 , 1 , 0 ) ( 1 , 1 , 0 , 1 , 0 , 1 , 0 ) 

( 0 , 1 , 1 , 0 , 1 , 1 , 0 ) ( 0 , 0 , 0 , 1 , 1 , 1 , 0 ) 

( 1 , 1 , 1 , 0 , 0 , 0 , 1 ) ( 1 , 0 , 0 , 1 , 0 , 0 , 1 ) 

( 0 , 0 , 1 , 0 , 1 , 0 , 1 ) ( 0 , 1 , 0 , 1 , 1 , 0 , 1 ) 

( 0 , 1 , 0 , 0 , 0 , 1 , 1 ) ( 0 , 0 , 1 , 1 , 0 , 1 , 1 ) 

( 1 , 0 , 0 , 0 , 1 , 1 , 1 ) ( 1 , 1 , 1 , 1 , 1 , 1 , 1 ). 

There are seven codewords having weight three. Treating these as incidence 
vectors of points l, ... ,7, we obtain the following seven blocks: 

{2,3,4} {1,2,5} 

{1,3,6} {4,5,6} 

{1,4,7} {3,5,7} 

{2,6,7}. 

These seven blocks form a (7, 3, 1 ) - B I B D . I 



10.4 New Codes from Old 

There are many methods of producing new codes from old ones. We describe 
a few useful techniques in this section. 

Shortening a Code 

Suppose that (X, C) is an ( n , M, d, q)- code. Let x G X, and define 
Cx = {y= (yi, •••,!/«) €C:yi =x}. 

Then define 

short(C, x) = {(y 2 ,...,y n ) : (yi,...,y„) G C x }. 

It is clear that (X, short(C, x)) is an ( n — 1, \C X \, d, y)-code. 

The following result can now be proven. 

Theorem 10.27 (Shortening a Code). Suppose there is an ( n , M, d, q)-code. Then 
there is an (n — 1, M ' , d, q)-code, where M' > M/q. 

Proof. Suppose that (X,C) is an (n,M,d,q)- code. It is clear that the q sets 
of vectors C x (x G X) are disjoint and partition C. Hence, there exists some 
i 0 G X such that |C Xo | > M/q, and consequently (X, short(C, Xo)) is an ( n ~ 
1, M', d, q)- code with M' > M/q. □ 
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Pasting Codes Together 

Suppose that (. X,C ) is an (ni,Mi,di,c/)-code and (X,T>) is an (n 2 ,M 2 ,d 2 ,(7)- 
code. Without loss of generality, suppose that M\ < M 2 .LetC = {x!,...,x Ml } 
and let V = {y\, ■ ■ . ,y m 2 }- Let u and v be positive integers, and define the 
code (X, uC ® vV) to consist of the following M\ vectors: 



|| • • • || x,; II y i II • • • II y ij 

U V 

for 1 < i < Mi- In other words, the ith codeword in uC ® vT> is formed 
by concatenating u copies of the ith codeword in C and v copies of the ith 
codeword in V. The code (X, uC ® vT>) is easily seen to have parameters as 
stated in the following theorem. 

Theorem 10.28 (Pasting Codes Together). Suppose there is an (n\,M\ r di r en- 
code and an (n 2 , M 2 , d 2 , q)-code, where M\ < M 2 ■ Let u and v be positive integers. 
Then there exists a (■ u n\ + v n 2 , M\, n d\ + v d 2 , q)-code. 

The u, u + v Construction 

Suppose that (X,C) is an {n,M\,d\, 2)-code and (X, D) is an («,M 2 ,d 2 , 2)- 
code, where X = {0,1}. We construct a code (X, £) by taking all vectors 
formed as follows: 



£ = {u||u + v:ueC, veP}. 

Here, addition denotes addition of vectors modulo 2, as usual. Clearly every 
vector in £ has length 2 n, and there are M^M 2 vectors in £. We compute a 
lower bound on the distance of (X, £) as follows. 

First, suppose that u/u '. Then 

d(u || u + v, u' || u r + v) = 2d(u, u 7 ) > 2 d\. 

Next, suppose that v / v'. To handle this case, we use the following 
lemma. 

Lemma 10.29. Suppose that u, u'^v' e (Z 2 )”. Then 

d(v,v') < d(u,u')+d(u+v,u'+v'). 

Proof. Let u = {u\,. u' = (u' v . . . ,u' n ), v = {v\, . . . ,v n ), and v' = 

(' v' v . . . , v' n ). Define the following subsets of {1, ... , «}: 

A = {i : Uj = u'i and V; = !?■}, 

B = {i : Uj = u’j and Vj 7^ f ■}, 

C = {/ : Uj 7^ M- and Vj = v'j}, and 

D = {i : Uj 7^ Uj and Vj 7^ z;J}. 
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It is not hard to see that 



d(u,u') = |C| + |D|, 
d(v,v') = |B| + |D|, and 
d(u + v,u'+v') = \B\ + | C | . 

Hence, 

d(u,u')+d(u + v,u' + v') = |B|+2|C| + |D| > \B\ + |D| = d(v, v') 
because |C| > 0. □ 

Now, assuming that v/v' and applying Lemma 10.29, we have that 

d(u || u + v,u' || u' + v') = d(u,u') + d(u + v,u' +v') 

> d(u,u') + d(v, v') - d(u,u') 

= d(v,v') 

A ^2- 

Summarizing the above, we obtain the following result. 

Theorem 10.30 (u, u + v Construction). Suppose there exists an ( n , Mi, d\, 2)- 
code and an (n, M2,d2,2)-code. Then there exists a (In, M 1 M 2 , d, 2)-code, where 
d = min{2di, ^ 2 }. 

Example 10.31. Suppose that C consists of the following vectors: 

(0,0, 0,0) (0,0, 1,1) 

(0, 1,0,1) (0,1, 1,0) 

(1,0, 0, 1) (1,0, 1,0) 

(1, 1,0,0) (1,1, 1,1), 

and suppose that V is as follows: 

(0,0, 0,0) (1,1, 1,1). 

(Z 2 ,C) is a (4, 8,2, 2) -code and (Z?,!?) is a (4,2,4,2)-code. Applying Theo- 
rem 10.30, we get the following (4, 16,4, 2)-code: 

(0,0, 0,0, 0,0, 0,0) (0,0, 1,1, 0,0, 1,1) 

(0,1, 0,1, 0,1, 0,1) (0,1, 1,0, 0,1, 1,0) 

(1,0, 0,1, 1,0, 0,1) (1,0, 1,0, 1,0, 1,0) 

(1,1,0, 0,1, 1,0,0) (1,1, 1,1, 1,1, 1,1) 

(0,0, 0,0, 1,1, 1,1) (0,0, 1,1, 1,1, 0,0) 

(0,1, 0,1, 1,0, 1,0) (0,1, 1,0, 1,0, 0,1) 

(1,0,0, 1,0, 1,1,0) (1,0, 1,0,0, 1,0,1) 

( 1 , 1 , 0 , 0 , 0 , 0 , 1 , 1 ) ( 1 , 1 , 1 , 1 , 0 , 0 , 0 , 0 ). 



I 
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10.5 Binary Codes 

10.5.1 The Plotkin Bound and Hadamard Codes 



Recall that a binary code is one in which the alphabet is F 2 = {0, 1}. In this 
section, we prove some results on binary codes. We begin by stating and 
proving a bound for binary codes having a "large" Hamming distance. 

Theorem 10.32 (Plotkin Bound). Suppose that ({0, 1 },C) is an (n, M, d, 2) -code, 
and suppose that d > n/1. Then 



Proof. Let the codewords in C be named x ;/ 1 < i < M, and construct an 
M x n matrix, say N, whose rows are the codewords. Define 

M M 

s = EE d ( x /' x ;)- 

i=lj=i 

This sum contains M(M — 1) terms that are each at least d, and M terms equal 
to 0. Hence, we have that 

S > M(M — l)d. (10.5) 

We now determine an upper bound on S. Suppose that column c contains 
t c "l"s and M — t c "0"s (1 < c < n). Then 



S= £2t c (M~t c ). 

C= 1 



Suppose that M is even. Then the maximum value of t(M — t) (for 0 < 
t < M) occurs when t = M/2, and hence t(M — t) < M 2 / 4. Therefore, it 
holds that 



S < 



nM 2 

“ 2 “' 



( 10 . 6 ) 



Now, combining (10.5) and (10.6), we see that 



nM 2 

M(M — l)d < 
or 

M(2d — n) < 2d. 
Because 2d > n, it follows that 



M < 



2d 

2d — n ' 



Because M is an even integer, it follows that 
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M < 2 



d 

2d — n 



Now suppose that M is odd. In this case, the maximum value of f (M — t) 
(for 0 < t < M, t an integer) occurs when f = (M + l)/2orf = (M — l)/2, 
and hence f(M — t) < (M 2 — l)/4. Therefore, it holds that 



S < 




1 ) 



(10.7) 



Now, combining (10.5) and (10.6), we see that 

M(M — l)d < n ^ h/[2 ~ V > 



or 



M(2d — n) <n. 

Because 2d > n and M is an integer, it follows that 

, , I n I I 2rf I 
M < — = — - 1. 



n 




2d 


2d — n 




2d — n 



For any real number e > 0, it holds that 2e i < 2 \e I 1 . Hence, taking 
e = 2/ (2d — n), it follows that 



M < 2 



d 

2d — n 



This completes the proof. □ 

Codes meeting the Plotkin Bound with equality can be constructed pro- 
vided that certain Hadamard matrices exist. Naturally enough, they are 
known as Hadamard codes. We first establish a preliminary result. 



Lemma 10.33. Suppose there is a Hadamard matrix of order n. Then there exists an 
(n — 1, n, |,2 )-code and an ( n — 2, |, j,2 )-code. 



Proof. Let H be a standardized Hadamard matrix of order n. Delete the first 
column of H, and take the rows of the resulting matrix to be codewords of 
a code. This yields the (n — 1, n, j, 2) -code (see the proof of Theorem 4.4). 
Then apply Theorem 10.27 to obtain the second code. □ 



Now, suppose that d and n are both even and d > n/2. Define k 
Then, define 

d(2k + 1) — n(k + 1) 



u = 



2d— n J ’ 
( 10 . 8 ) 



and 



2 
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V = 



nk — d(2k — 1) 
2 



(10.9) 



Using a bit of arithmetic, we can show that u and v are integers such that 
u > 0 and v > 0. First, it is clear that u and v are integers because n and d are 
even. We have upper and lower bounds on k: 



d 

2d — n 



- 1 < k < 



d 

2d — n' 



We will use these bounds on k to prove lower bounds on u and v. 

First, we have that u > 0 if and only if d(2k + 1) — n(k + 1) >0. But 

d(2k + 1) — n(k + 1) = k(2d — n) + d — n 

= d — (2d — n) + d — n 
= 0 ; 



hence u > 0. 

Similarly, v > 0 if and only if nk — d(2k — 1) >0. But 



nk — d(2k — l) = d — k(2d — n) 

^ d -(w^) {2d ~ n) 

= d-d 

= 0 ; 



hence v > 0. 

Suppose that Fladamard matrices of orders 4 k and 4/c + 4 both exist. Let 
C be the codewords of a (4/c — 2, 2k, 2k, 2)-code and let V be the codewords of 
a (4 k + 2,2 k + 2,2 k + 2, 2) -code (these are constructed using Theorem 10.33 
with n = Ak and n - 4/c + 4, respectively). Now construct the code having 
codewords uC © vV. Using the formulas in Theorem 10.28, the resulting code 
is seen to meet the Plotkin Bound, and we obtain the following result. 



Theorem 10.34 (Levenshtein's Theorem). Suppose that n and d are even posi- 



2 d—n 



, and suppose that Hadamard 



tive integers such that 2d > n. Define k = 
matrices of order 4 k and 4k + 4 exist. Then there exists an (n, 2k, d, 2 )-code, which 
meets the Plotkin Bound with equality. 



Proof. We need only to check that the constructed code has n and d as stated. 
The code is formed by pasting together n copies of a (4k — 2, 2k, 2k, 2) -code 
and v copies of a (4k + 2, 2 k + 2, 2k + 2, 2)-code, where u and v are defined in 
(10.8) and (10.9), respectively. The resulting code is a 

(u(4k — 2) + v(4k + 2), 2 k, u(2k) + v(2k + 2),2)-code. 
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However, 



u(4k — 2) + v(4 k + 2) 

' d(2k + 1) — n{k + 1) 



(4fc-2) 



nk — d(2k — 1) 



(4 k + 2) 



= n, 



and 



u(2k) + v(2k + 2) 

= (a) + ) (2t + 2) 

= d. 



Finally, notice that the number of codewords in this code is 2k = 2 



d 

2d—n 






□ 



Example 10.35. Suppose we take n = 24 and d = 14. Then k = 3, and 
u = v = 1. We can use Hadamard matrices of orders 12 and 16 to con- 
struct a (10,6, 6,2)-code and a (14,8, 8,2)-code, respectively. Pasting these 
two codes together, we would obtain a (24,6, 14,2)-code, which meets the 
Plotkin Bound with equality. 1 



10.5.2 Reed-Muller Codes 

Reed-Muller codes are closely connected to Boolean functions. We first re- 
view some notions and notation from Section 4.8. Recall that a Boolean func- 
tion of n variables is any function / : (Z 2)’ 1 —> and B„ denotes the set of 
all 2 2 Boolean functions of n variables. For a function / € B n , (p(f) € (Z 2) 2 
is the vector formed by evaluating / at all x G (Z 2 )". 

Recall also that the affine functions in B„ are the 2" +1 functions / € B„ 
having the form 



/(x) = «o + + • • • + a n x„ mod 2, 

where x = (x \, . . . , x n ) and aQ, a\, . . . , a n e Z 2 . 

The first-order Reed-Muller code, denoted 72.(1, n), is the code whose code- 
words are all the vectors (p(f), where / € B n is an affine function. First, we 
show that 72(1, n) is a linear code, as follows. The sum of any two affine func- 
tions, say f\ and fj, is again an affine function. Furthermore, the modulo 2 
sum of the corresponding codewords, <p(f \ ) and </h /2 j, is another codeword 
because <£(/i) + ^(/ 2 ) = (p(fi + fi). 

Recall that the distance of a linear code equals the minimum weight of a 
nonzero codeword (Lemma 10.16). Therefore we can determine the distance 
of 72(1, n) if we know the weights of the codewords in 72(1, n). We prove the 
following simple lemma concerning these weights. 
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Lemma 10.36. Suppose that f G B n is an affine function. Then 

fo *// = 0 

wt = l 2 n iff = 1 

[2” _1 otherwise. 

Proof. Clearly wt(<p(0)) = 0 and wt(^(l)) = 2”. Now, suppose that/ f 0, 1 is 
an affine function, say /(x) = a§ + a\X\ + ■ ■ ■ + a„x n mod 2. Because f f 0,1, 
there exists an integer i > 1 such that a t = 1. Suppose that arbitrary values 
for x \, . . . , x i i , x,' + i, . . . , x„ G Z 2 have been chosen, and denote 

A = ao + Y2 a j x j m °d 2. 

l<j<n,j^=i 

Then /(x) = 0 if X; = A, and /(x) = 1 if x, f A. 

Summing over all 2" -1 choices for x\, . . . , x,_i, x, + i, . . . , x,„ we find that 
there are exactly 2" -1 vectors x such that /(x) = 0 (and there are also 2"~ 1 
vectors such that /(x) = 1). □ 

Corollary 10.37. For any integer n > 2, 72.(1, n) is a linear (2",2 n+1 ,2" -1 ,2)- 
code. 

Example 10.38. We construct the code 72(1,2). The eight affine functions / G 
£>2 yield codewords cp(f ), where <|>(/) = (/(0, 0),/(0, 1),/(1, 0),/(l, 1)), as 
follows: 

/ <P(f) wt (/) 



0 


(0,0, 0,0) 


0 


1 


(1,1, 1,1) 


4 


X 2 


(0,1, 0,1) 


2 


1 + X2 


(1,0, 1,0) 


2 


Xi 


(0,0, 1,1) 


2 


1 + X\ 


(1, 1,0,0) 


2 


X-[ + *2 


(0,1, 1,0) 


2 


1 X\ H - X 2 


(1,0, 0,1) 


2 



(Compare this to Example 4.40.) S 

Reed-Muller codes of order r > 1 are constructed by generalizing the 
approach above. Instead of using affine functions, which can be thought of 
as polynomials of degree at most one, we use polynomials of degree at most 
r. We begin this discussion by establishing some basic results about Boolean 
polynomials. 

Let X\, . . . , x„ be indeterminates taking on values in Z 2 . Then, for 1 < i < 
n, Xj and x, 2 are equivalent polynomials because 0 2 = 0 and l 2 = 1 in Zb. 
Therefore, in our consideration of Boolean polynomials, we can assume that 
there are no occurrences of any terms of the form xf, where j > 1. 
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A Boolean monomial of degree r is a polynomial of the form Xf x, 2 . . . x, r , 
where 1 < i\ < ;? < • • • < i r < n. (The Boolean monomials of degree zero 
are 0 and 1.) A Boolean polynomial is a modulo 2 sum of one or more different 
Boolean monomials. Let V n denote the set of all Boolean polynomials in n 
indeterminates. The degree of a Boolean polynomial p G V n is the maximum 
degree of any monomial that occurs in the representation of p as a sum of 
monomials. 

The number of different monomials is 2" because there is a monomial 
associated with every possible subset of {1 ,...,«} and there are 2" subsets 
of {1, , n}. The number of Boolean polynomials, \ V n |, is therefore equal to 
2 2 because a Boolean polynomial is expressed as a sum of a subset of the 2" 
possible monomials. 

Recall that there are 2 2 " different Boolean functions on n variables. It is not 
hard to see that the 2 2 Boolean polynomials are distinct (when considered 
as functions) and there is a natural bijection between the set V n and the set 
B n . This is proven in the following lemma. 

Lemma 10.39. For every Boolean function f € B n , there is a unique polynomial 
Pf G V n such that /(x) = p y(x) for all x G (2b)". 

Proof For any z € (2b)", define T z G V n as follows: 

T z = n C 1 + x i ) El x i’ 

{»:z;=0} t>':z,=l} 

where z = (zj, . . . ,z„). Then it is clear that T z (x) = 1 if and only if x = z. 
Now, for any / G B„, define Pf G V n by the following formula: 

p f = £ T z . (10.10) 

{ze(Z 2 )»:/(z)=l} 

It is easy to verify that /(x) = py(x) for all x G (2b)". This proves that there is 
at least one polynomial with the stated property for every / G B„. However, 
there are the same number of functions as polynomials (i.e., \B„\ = \P n \), 
so there must be exactly one polynomial with the stated property for every 
/ G B n . □ 

Example 10.40. Let's first do a specific example computation of a polynomial 
Pf. Suppose that /(0, 0) = /( 1,0) = f (1,1) = 1 and /( 0, 1) = 0. Then, apply- 
ing (10.10), we have that 

Pf = X\X 2 + Xi(l + X 2 ) + (1 + Xi)(l + X 2 ) mod 2 
= X\X 2 + Xi + X 1 X 2 + 1 + x 1 + x 2 + X\X 2 mod 2 
= 1 + X 2 + X\X 2 . 

By doing similar computations, it is possible to tabulate all 2 22 = 16 
Boolean functions of two variables X\ and X 2 and their (simplified) repre- 
sentations as polynomials. These are presented in Table 10.1. 
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/ 


/(0,0) 


/( 0,1) 


/( 1,0) 


/(LI) 


Pf 


deg(pf) 


fo 


0 


0 


0 


0 


0 


0 


h 


0 


0 


0 


1 


*1*2 


2 


h 


0 


0 


1 


0 


*1 + *1*2 


2 


fo 


0 


0 


1 


1 


*1 


1 


fo 


0 


1 


0 


0 


*2 + *1*2 


2 


fo 


0 


1 


0 


1 


*2 


1 


fo 


0 


1 


1 


0 


*1 +*2 


1 


fo 


0 


1 


1 


1 


*1 +*2 +* 1*2 


2 


fo 


1 


0 


0 


0 


1 + *1 + *2 + * 1*2 


2 


fo 


1 


0 


0 


1 


1 + *! + *2 


1 


fw 


1 


0 


1 


0 


1 + *2 


1 


/11 


1 


0 


1 


1 


1 + *2 +* 1*2 


2 


/12 


1 


1 


0 


0 


1 + *1 


1 


/l3 


1 


1 


0 


1 


1 + *! + * 2*2 


2 


/l4 


1 


1 


1 


0 


1 + * 1*2 


2 


/l5 


1 


1 


1 


1 


1 


0 



Table 10.1. Boolean Functions of Two Variables 



Note that the function fn (in the Table 10.1) is the function f considered 
initially. § 

Let 0 < r < n. The rth-order Reed-Muller code, denoted lZ(r,n), is the 
code whose codewords are all the vectors tp(J ), where / € V n is a Boolean 
polynomial of degree less than or equal to r. It is not hard to see that lZ(r,n) 
is a linear code. 

The number of monomials of degree i is (") . Therefore, the number of 
monomials of degree at most r is 




These monomials form a basis for 7 Z(r,n), and hence the number of code- 
words in 7 Z(r, n) is 2 m . 

We now consider the distance of the code lZ(r, w).This can be determined 
fairly easily by showing how to construct Reed-Muller codes using the u, u + 
v construction. The argument we use will be inductive, and we will use the 
codes R(0, n) and 7 Z(n, n) as base cases. These base cases are easily analyzed 
as follows. 

Lemma 10.41. For all integers n > 1, 7£(0, n) is a (2 n ,2,2 n ,2)-code, and lZ(n,n) 
is a (2”,2 2 ",1,2 )-code. 



Proof. It is easy to see that 'RAO, n) consists of the two vectors (0, ... ,0) and 
(1, . . . , 1), and 7 Z(n, n) consists of all 2 2 vectors in (Z 2) 2 . □ 
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Lemma 10.42. Suppose that 0 < r < n. Then the code 7 Z(r,n) can be constructed 
by applying the u, u + v construction to the codes lZ(r, n — 1) and lZ(r — 1, n — 1). 

Proof. Let C be the codewords of the code that is constructed by applying the 
u,u + v construction to lZ(r,n — 1) and 7 Z(r — 1 ,n — 1). We first prove that 
7 l(r,n) C C. A codeword in 7 Z(r,n) has the form <p(f), where / € V n has 
degree at most r. We can write the polynomial / in the form 

f = Xlfl+ fh 

where f\ and /2 are polynomials in the n — 1 indeterminates Xi, . . . , x n . Also, 
the degree of f\ is at most r — 1 and the degree of f 2 is at most r, so <p(f\) € 
lZ(r — 1 ,n — 1) and <p(f 2 ) € 7 Z(r, n — 1). Now, it is not difficult to see that 

<P(f) = 4>if2) II 

This is because the first 2 lh 1 binary n-tuples in lexicographic order have x\ = 
0, and the last 2" -1 binary n-tuples have X\ = 1 . 

By Theorem 10.30, we have that 

\C\ = |72.(r,w — 1)| x \lZ(r — l,n — 1)|. 



If we can show that 

|72.(r,n — 1)| x U{r - l,n - 1)| = \R(r,n)\, (10.11) 

then we will be finished because 7 Z(r,n) C C. Proving (10.11) is a straight- 
forward computation involving binomial coefficients, which we leave for the 
reader to do. □ 

Example 10.43. Consider the Boolean polynomial / = x\ + xj + X\X 3 + X 2 ^ 3 - 
We can write / = X\ (1 + xf) + X 2 + X 2 X 3 , so f\ and /2 (as defined in the proof 
of Lemma 10.42) are computed to be /1 (X2, xf = 1 + X3 and f 2 (x 2,^3) = 
x 2 + x 2 x 3 . It is easy to verify that 

= (/i(0/0),/i(0, l),/i(l,0),/i(l, 1)) 

= ( 1 , 0 , 1 , 0 ), 

<p(f2) = (/2(0,0),/2(0,1),/ 2 (1,0),/ 2 (1,1)) 

= (0,0, 1,0), and 

<p(f) = (/(0,0,0),/(0,0,l) /(1,1,0),/(1,1,1)) 

= ( 0 , 0 , 1 , 0 , 1 , 0 , 0 , 0 ) 

= (0,0, 1,0) II (0,0, 1,0) + (1,0, 1,0), 

as shown in Lemma 10.42. S 

Now it is a simple matter to determine the minimum distance of 1Z (r,n) 
using Theorem 10.30. 




10.5 Binary Codes 247 



Lemma 10.44. The minimum distance ofTZ(r,n) is 2" r for all 0 < r < n. 

Proof. The assertion is true for the "base cases" r = 0 and r = n by Lemma 
10.41. We proceed by induction on n, assuming that n > 2. We proved that 
7 Z(r,n) is constructed from 72. (r, n — 1) and 72 (r — 1, n — 1) using the u, u + v 
construction. By induction or by a base case, it holds that 

d(72(r,n-l)) = 2 n ~ r ~ 1 



and 

d(72(r — l,n — 1)) =2 n ~ r . 

From Theorem 10.30, we have that 

d(72(r, n — 1)) > min{2 x 2 n ~ r ~ x , 2 n ~ r } = 2 n ~ r . 



The minimum distance is seen to be equal to 2 n ~ r by exhibiting a code- 
word in 72 (r, n) having weight 2 n ~ r . Let u € 72 (r, n — 1) have weight 2 ,!-r-1 
and let v = (0, ... ,0). Then the codeword u j| u + v = u || u has weight 
2 x 2 ”~ r ~ 1 = 2” -r . Since the distance of a linear code is the same as the min- 
imum weight of a nonzero codeword, the desired result follows. □ 

Summarizing the results above, we have the following. 

Theorem 10.45 (Reed-Muller Codes). Suppose that r and n are integers such 
that 0 < r < n. Then the Reed-Muller code 1Z(r,n) is a linear (2 n ,2 m ,2 n ~ r ,2)- 
code, where 




Example 10.46. We present a basis for the code 72(2,4) that consists of the 
codewords generated by the 11 monomials f £ of degree at most two: 



/ 


<K/) 


1 


1111111111111111 


X\ 


0000000011111111 


X 2 


0000111100001111 


x 3 


0011001100110011 


X 4 


0101010101010101 


X\X 2 


0000000000001111 


XiX 3 


0000000000110011 




0000000001010101 


*2*3 


0000001100000011 


X2^4 


0000010100000101 


^“3^4 


0001 0001 0001 0001 



I 
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Reed-Muller codes turn out to be closely related to affine geometries over 
Z 2 . We discuss some of these connections now. Suppose that F is an (n — k)- 
flat in AG,, (2). Then F is the solution set of a system of k linear equations in 
n indeterminates over Z?, which can be written in the following form: 

U\\X\ + • • • + U\ n X n = C\ 
a 21 x l + • • • + d2n x n = C2 



a kl x l + ' ' ' + ^kn x n — Cfr. 

This can be expressed in an equivalent way, in the form of a single equation, 
as follows: 

k 

+ • • • + cij n x n + Cj + 1) = 1. 

i=i 

The polynomial 

PF (*) = n(«d*l 4 h a in x n + G + 1) 

i 

is a Boolean polynomial of degree k. Hence, (pip f) is a codeword in 7 Z(r, n) 
provided that r >k. 

Given the flat F, we can form an incidence vector Sf € {0, l} 2 " in the 
usual way, where the coordinates of the vector Sp € {0, 1 } 2 " are all the points 
in (Z 2)’ 1 in lexicographic order. The incidence vector Sf records which points 
(xi , . . . , x„) are in the flat F. Then it is easy to see that Sf = ^(pf ), and we 
have the following. 

Lemma 10.47. Let F be an (■ n — k)-flat in AG, ,(2). Then the incidence vector ofF is 
a codeword in 7 Z(r,n) whenever r >k. 

The lemma above shows that every flat in AG„ (2) yields a codeword in a 
Reed-Muller code. Not every codeword can be formed in this manner, how- 
ever. For example, 72.(2, 4) contains codewords of weight six, and there are 
no flats in AG2(4) containing exactly six points. However, we will show that 
the codewords <p(f ), where / is a monomial, all correspond to flats. This is 
not hard to see: a monomial of degree k, say x, t x, 2 ■ ■ ■ Xj , takes on the value 
1 if and only if 

x h = x i2 = ■ ■ ■ = x ik = 1 . 

This is equivalent to the following system of k linear equations: 

X i x = 1, x i2 = 1, . . . , x ik = 1, 

which is a flat of dimension n — k. 

Because the monomials of degree at most r form a basis for the code 
lZ(r,n), this means that the codewords corresponding to flats of dimension 
at least n — r generate this code. Expressed mathematically, we have the fol- 
lowing theorem. 
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Theorem 10.48. 

span(sp : F is a d-flat in AG, ; (2) and d>n — r) = lZ(r,n). 

Example 10.49. Consider the code 71(2,4). The results proven above establish 
that every 2-flat, 3-flat, and 4-flat in AG< 4 ( 2 ) yields a codeword in 1Z(2,4); and 
conversely, every codeword in 1Z (2, 4) is a sum of codewords corresponding 
to flats of dimension 2, 3, or 4. 

Consider the 2-flat F = {1010, 1100, 1111, 1001}. It is not hard to see that 
F is the solution set of the following system of two linear equations: 

X\ -\~ X2 T X 3 -F X 4 = 0 

Xj = 1. 

Therefore the corresponding polynomial pp(\) is the following: 

Pf (x) = Xi(X\ + X2 + X3 + X4 + 1 ) 

= X\ 2 + X\X2 + X1X3 + X\X 4 + X\ 

= X1X2 + X 1 X3 + X 1 X 4 . 



(Notice that we simplified pp using the fact that x 2 + X\ = X\ + X\ = 0.) The 
codeword in 1Z(2,4) associated with the flat F is 

s p = <p(p F ) = 0000 0000 0110 1001. 

Conversely, suppose we start with a codeword in 7^(2, 4), say 

11100001 11100001. 

This codeword is derived from the following sum of three monomials: 1 + 
x 2 + X3X4. The three monomials 1, Xj, and X3X4 correspond to flats of dimen- 
sions 4, 3, and 2, respectively. 1 



10.6 Resilient Functions 

In this section, we consider Boolean functions of the form f : (Zy ” — > (Z 2 ) m 
(the Boolean functions we studied previously were the special case m = 1). 
We write (\j\, . . . , y m ) = f(x 1 , . . . , x n ), where X\,..., x n are the n input vari- 
ables and yi, ... , y m are the m output variables. The set of all such functions is 
denoted B n , m . 

Definition 10.50. Let t, m, and n be positive integers such that t < n, and suppose 
that f £ B, hm . Suppose that the values oft of the n input variables are fixed, and the 
remaining n — t input variables are chosen independently and uniformly at random. 
Then f is said to be a f-resilient function provided that every possible vector of 
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output variables is equally likely to occur. More formally, the property can be stated 
as follows: For every t-subset {z'i, . . . , it } C {1, . . . , n},for every choice ofzj G Z? 
a < j < t), and for every (\j\, . . . ,y m ) G (Z 2 ) m , we have that 

Pr[f(x 1 ,...,x„) = (yi,...,ym)\xij = Zy, 1 <j<t]= 2~ m . 

We will refer to such a function f as an (n, m, f)-resilient function. 

Example 10.51. Let m = 1 and t = n — 1. Define 



f(x 1 , . . . , x„) = x\ + ■ ■ ■ + x„ mod 2. 

Then /isan(zz,l,zz — 1 ) -resilient function. S 

Example 10.52. Let m = n — 1 and t = 1. Define 

/(xi, . . . ,x n ) = (x\ + X 2 mod 2 ,x 2 + *3 mod 2, . . . ,x n _\ + x n mod 2). 

Then / is an (■ n,n — 1,1 ) -resilient function. S 

Example 10.53. Let m = 2 ,n= 3 li, and t = 2h — 1. Define 

fix 1 , . . . , x n ) = (xi + • • • + X 21 , mod 2, X} l+ i + • • • + xy t mod 2). 

Then f is an [n, 2, 2n / 3 — 1 )-resilient function. S 

Resilient functions are closely related to certain collections of orthogonal 
arrays, which we define now. A large set of t-{v,k, X)-orthogonal arrays, de- 
noted t-(v,k, A)-LOA, is defined to be a set of ir f /A simple t-(v,k, A)-OAs 
such that every possible /c- tuple of symbols occurs in exactly one of the or- 
thogonal arrays in the set. (Equivalently, the union of the orthogonal arrays 
forms a k-(v, k, 1 )-OA.) 

Theorem 10.54. An {n, m, t)-resilient function is equivalent to a t-{ 2, n, 2 n ~ m ~ t )- 

LOA. 

Proof. First, suppose / : (Z?) n — > (Z 2 ) m is an (n, m, t)-resilient function. For 
any y G (Z 2 ) m , form an array Ay whose rows are the vectors in the inverse 
image / (y). Ay is an |/ -1 (y) | x n binary array. It is clear that the 2 m arrays 
Ay together contain every possible //-tuple as a row, so if each Ay is a t- 
(2, n, 2 n ~ m ~ t )-OA, then we automatically get a f-( 2, n, 2" -m-f )-LOA. 

Let {h,...,i t } C {1 ,...,«} be a f-subset, and let Zj G Z 2 (1 < j < t). 
For every y G (Z 2 ) m , let A(y) denote the number of rows in Ay in which zy 
occurs in column zy for all y, 1 < ; < f. It is easy to see that 

E A(y) = 2" _f . 

ye(Z 2 )'« 
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This is because the total number of possible n-tuples satisfying the conditions 
that Zj occurs in position / for all j, 1 < / < t, is 2" f . 

Now, it is clear that 

Pr \f(xi,...,x„) = (y 1 / ... / y m ) \x ij = Zj, 1 < j < t] = (10.12) 

Since / is ^-resilient, we get 

My ) rs—m 

2 n—t ' 

or A(y) = 2 n ~ m ~ t . Since {/, . . . , it } and zy (1 < j < t) are arbitrary, we have 
shown that each Ay is a f-( 2, n, 2 n ~ m ~ t )-OA, as desired. 

Conversely, suppose we start with a f-(2, n,2” _m_f )-LOA. There are 2 m 
arrays in the large set; arbitrarily name them Ay, y £ Then define a 

function / : (Z 2 )" — » (Z 2 ) m by the rule 

/(^,...,x„) = (j/i, - - -,i/m) (X!,...,^,,) e 

Using (10.12), it is easy to see that the function / is f-resilient. □ 

Example 10.55. Consider Example 10.53 with h = 2: 

f(x 1 , * 2 , *3, *4, * 5 , *6) = ( J i + X 2 + X 3 + X 4 mod 2 ,x 3 + X 4 + x$ + X(, mod 2). 

This is a (6, 2, 3)-resilient function, and by Theorem 10.54, it is equivalent to a 
3-(2, 6, 2)-LOA. There are four orthogonal arrays in the large set, one of which 
is obtained from/ -1 (0,0): 

/000000\ 

0 10 10 1 
0 0 0 0 1 1 
0 10 110 
1 1 0 0 0 0 
10 0 10 1 
110 0 11 
10 0 110 
0 0 1 1 0 0 ■ 

0 110 0 1 
0 0 1111 
0 110 10 
11110 0 
10 10 0 1 
1 1 1 1 1 1 
\1 0 1 0 1 0/ 



The other three orthogonal arrays in the large set are constructed easily as 

well. I 
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A resilient function is a linear resilient function if every output variable is a 
linear function of the input variables. All of the examples of resilient function 
considered above are linear. The following theorem gives a characterization 
of linear resilient functions in terms of linear codes. 

Theorem 10.56. There is a linear {n,2 m ,d,2)-code if and only if there is a linear 
(n, m, d — T)-resilient function. 

Proof. Let G be an m x n matrix whose rows form a basis for a linear 
(n, 2 m , d, 2)-code, say C. Define the function / : (Z i ) n — > (Z 2)" 1 by the rule 

f(x i,...,x n ) = {x\, . . . ,x„)G T , 

where all arithmetic is modulo 2. Clearly / is linear; we will establish that / 
is an (n, m, d — l)-resilient function with the aid of Theorem 10.54. 

It is easy to see that the inverse image / -1 (0, . . . , 0) is in fact the dual code 
C 1 . Theorem 10.17 asserts that C ^ is a (d — l)-(2,n,2" -m-rf+1 )-OA. Now, any 
other inverse image / -1 (y) (y € (Z 9 )"') is an additive coset of C 1 , and thus it 
is also a (d — l)-(2, n,2 n ~ m ~ d+ 1 )-OA. Hence we obtain 2 m orthogonal arrays 
that form a large set. By Theorem 10.54, / is an (n, in, d — 1 )-resilient function. 

Conversely, suppose that / is a linear ( n,m,d — l)-resilient function. Be- 
cause / is linear, it can be written in the form /(x) = xG r , where G is an m x n 
matrix. The proof of Theorem 10.54 shows that / -1 ( 0, . . .,0) is a (d 1)- 
(2, n, 2 n ~ m ~ d+1 )-OA. Clearly this orthogonal array is linear, so Theorem 10.17 
can be applied. This theorem shows that the dual of the orthogonal array is a 
linear (n, 2 m , d, 2)-code (the rows of G are actually a basis for this code). □ 

We illustrate the application of Theorem 10.56 in an example. 

Example 10.57. From Corollary 10.37, a first-order Reed-Muller code, 72.(1, n), 
is a linear (2",2" +1 ,2" -1 ,2)-code. Therefore there exists a (2 ", n + 1,2" -1 — 
1 (-resilient function for all positive integers n. When n = 2, the code 72(1, n) 
has basis (1, 1,1, 1), (0, 1,0, 1), and (0,0, 1,1). The matrix G, described in the 
proof of Theorem 10.56, is as follows: 



G = 



/ 1 1 1 1 \ 

0 10 1 , 

\0 0 11 / 



and the resulting (4, 3, 1) -resilient function is defined to be 
f{x\,X 2 ,x?„xf) = (x\ + X 2 + X 3 + X 4 mod 2, X 2 + X 4 mod 2 ,xj, + X 4 mod 2). 

I 

Theorem 10.56 can also be used to verify the resiliency of linear functions. 
Basically, all that is required is to write down the matrix G and determine the 
distance of the resulting linear code. We illustrate this process now. 
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Example 10.58. Consider the resilient function described in Example 10.53. 
The matrix G is as follows: 



fl ■■■ 1 1 • • • 1 0 • • • 0 \ 
\0 ■■■ 0 1 • • • 1 1 • • • 1 ) ' 



and the code C consists of the following four codewords: 




h h h 

The distance of the code C is equal to 2 h, and hence / is a ( 311,2,2k — 1)- 
resilient function. ® 



10.7 Notes and References 

Coding theory is an enormous topic in its own right. We have just mentioned 
a few results that are closely connected to combinatorial designs in general 
and orthogonal arrays in particular. Most of the results on codes are "classi- 
cal" and can be found in standard reference works and textbooks. 

Useful books on coding theory include "Introduction to Coding Theory" 
by van Lint [78], "The Theory of Error-correcting Codes" by MacWilliams 
and Sloane [80], and "Coding and Information Theory" by Roman [87], Two 
books that describe connections between designs and codes are "Designs 
and Their Codes" by Assmus and Key [3] and "Designs, Codes, Graphs and 
Their Links" by Cameron and van Lint [20]. See also the survey on codes by 
Tonchev [111]. 

"Orthogonal Arrays, Theory and Applications", by Hedayat, Sloane, and 
Stufken [59], is a recent book devoted specifically to orthogonal arrays. 

Resilient functions were invented by Bennett, Brassard, and Robert [7] 
and independently by Chor et al. [22], These functions have interesting ap- 
plications in cryptography. Section 10.6 is based on Stinson [104], For ad- 
ditional information on resilient functions, see Bierbrauer, Gopalakrishnan, 
and Stinson [11]. 



10.8 Exercises 

10.1 Assuming there is a Aj)-OA and a t-(v 2 ,k, A 2 )-OA, prove that 

there is a t-{v\V 2 ,k, Ai/\ 2 )-OA. 
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10.2 Use the Gilbert- Varshamov Bound to prove that the following orthog- 
onal arrays exist: 

(a) a4-(2, 9,8)-OA; 

(b) a 4-(2, 12, 16)-OA; 

(c) a3-(3, 10, 9)-OA. 

10.3 Prove that a (23, 2 12 , 7, 2)-code and an (11, 729, 5, 3)-code are both per- 
fect codes. 

Remark: These codes exist, and they are known as the binary and 
ternary Golay codes, respectively. 

10.4 Suppose that (F 2 ,C) is an 2)-code in which d is odd. For all 

codewords (x\, . . - ,x n ) G C, define 

if wt(*i, . . . , x n ) is even 
if wt(*i, . . .,x n ) is odd. 

Then define 

V= {(*!,. . .,x n+1 ) : (x lf ...,Xn) GC}. 

Prove that (F 2 , T>) is an (n + 1, M, d + 1, 2)-code. 

Remark: This process is called extending a code. 

10.5 Construct the (24, 6, 14, 2)-code that is described in Example 10.35. 

10.6 Suppose n, d, k, u, and v are defined as in the proof of Theorem 10.34. 
Suppose also that 2d > n, d is even, n is odd, and k is even. 

(a) Prove that 2 u and v are both nonnegative integers. 

(b) Prove that the code that is formed by pasting together 2 u copies 
of a (2k — 2 / k / k / 2)-code and v copies of a (4 k + 2,2 k+ 2,2 k + 
2, 2)-code meets the Plotkin Bound with equality. 

10.7 An (n,M,d,q)- code, say ( Q,C ), is an equidistant code if d(x,y) = d for 
all x,yeC,x/y. 

(a) Suppose there is a resolvable (v,b,r,k, 1)-BIBD. Prove that there 
is an equidistant (n, M, d, q)- code, where n = r, M = v, d = 
r — A, and q = v/k. 

(b) If an equidistant («, M, d, q)- code exists and d > (q — l)n/q, then 
it is known that 

M> - 3L - . 

qd — (q — l)n 

Prove that the code constructed in part (a) meets this bound with 
equality. 

Remark: This bound is a q-a ry analogue of the Plotkin Bound. 

10.8 Suppose we first choose 2" codewords from the code 72.(1, «), then we 
form a square matrix whose rows are the 2” chosen codewords, and 
then we replace every entry "0" by "1" and every entry "1" by " — 1". 

(a) Determine the conditions under which the resulting matrix is a 
Hadamard matrix of order n. 

(b) Determine the conditions under which the resulting matrix is 
the Sylvester matrix S„ . 
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10.9 A binary code (F 2 ,C) is a constant-weight code if there exists a positive 
integer zv such that wt(x) = zv for all x G C. A ( v,k,t) -packing is a 
design (X, A) in which |X| = v, every block A € A has size k, and no 
f-subset of points is contained in more than one block. 

(a) Suppose M is the incidence matrix of a (v, b, r,k, A)-BIBD. Define 
a binary code C whose codewords are the rows of M. Prove that 
(F 2 ,C) is a (b,v,2(r — A),2)-code having constant weight r. 

(b) Suppose M is the incidence matrix of a (v, b, r, k, 1 )-BIBD. Define 
a binary code V whose codewords are the columns of M. Prove 
that (F 2/ V) is a ( v , b,2(k — l), 2)-code having constant weight k. 

(c) Prove that a ( v , k, f)-packing having b blocks exists if and only if 
there exists a {v,b,2(k — t + l),2)-code having constant weight 
k. 

(d) Let D(v,k,t) denote the maximum number of blocks in any 
( v,k , f j-packing. Prove the following assertions. 

i. D(p,M)< tfJ- 

ii. D(v,k,t) < [%D(v-l,k-l,t-l)\. 
iii- D(v,k,t)< 

Remark: This bound is known as the Johnson Bound. 

10.10 Let G be the following matrix: 

/0 0 0 1 1 1 1\ 

0110011. 

\1 010101/ 

(a) Prove that the linear code whose basis consists of the rows of G 
is a (7,8,4,2)-code. 

(b) Describe how to construct a (7h,?>,Ah — l)-resilient function for 
all integers h > 1. 
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Selected Applications of Combinatorial Designs 



There are many interesting and important applications of combinatorial de- 
signs to areas including computer networks, design and analysis of algo- 
rithms, cryptography, design and analysis of experiments, and tournament 
scheduling. In this chapter, we present four applications of combinatorial 
designs. The four applications are authentication codes, threshold schemes, 
group testing algorithms, and the two-point sampling technique. These ap- 
plications consist of two from the field of cryptography, one from experimen- 
tal design, and one from algorithm design. They should just be considered 
as a sample or an appetizer; we do not even begin to cover the range of the 
many ingenious and diverse applications of designs that have been discov- 
ered. 



11.1 Authentication Codes 

The eminent cryptologist Gustavus Simmons has referred to cryptology as 
"the science of information integrity". Most people are familiar with the idea 
of encryption, which is used to keep the contents of a message secret from 
an eavesdropper. However, as suggested by the term "integrity", there are, 
in addition, other objectives in providing secure communications over an in- 
secure network. One of the most important is the question of authenticity. 
When Alice sends a message to Bob (encrypted or not), how can Bob be sure 
that it was Alice who sent the message, and how does he know that the mes- 
sage was not altered by someone else during its transmission? 

One elegant way to solve this problem is to use an authentication code. 
We will discuss authentication codes, and a construction for them that uses 
combinatorial designs, in this section. 

Here is the mathematical setting in which we study the problem. There 
are three participants: Alice, Bob, and Oscar. Alice and Bob want to com- 
municate over an insecure channel (e.g., by e-mail, fax, or cell-phone). Oscar 
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(the "bad guy") has the ability to introduce his own messages into the chan- 
nel and/or to modify existing messages. We consider two types of attacks by 
Oscar. When Oscar places a (new) message m' into the channel, it is called 
impersonation. When Oscar sees a message m and changes it to a (different) 
message m' f m, it is called substitution. 

As an example, suppose that Bob is Alice's stockbroker. When Alice sends 
a message to Bob, such as "buy 100 shares of Acme stock", she would not be 
very happy if Oscar changed "buy" to "sell"! 

The goal of an authentication code is to allow Bob to detect with high 
probability when such an attack has taken place. Here is a formal mathemat- 
ical definition of an authentication code. 

Definition 11.1. An authentication code is a four-tuple (S , A,JC,£), where the 
follozving conditions are satisfied. 

1. S is a finite set of source states. 

2. A is a finite set of authenticators. 

3. K, is a finite set of keys. 

4. For each K € K, there is an authentication rule e ^ e £, where e^ '■ S — > A. 

Here is how an authentication code works. Alice and Bob jointly choose a 
secret key K £ K, at random. They do this "ahead of time", either when they 
are together in the same place or when they have access to a secure chan- 
nel. A source state is just the information that Alice wants to communicate 
to Bob (e.g., "buy 100 shares . . ."). When Alice wants to communicate the 
source state s € S to Bob, she uses the authentication rule to construct 
the authenticator a = Ck(s). The message m is formed by concatenating s and 
a, i.e., m = ( s,a ). The message m is then sent over the channel. When Bob 
receives m, he verifies that a = e^{s) to authenticate the source state s. If 
a f then Bob is able to detect that an attack has taken place. 

An authentication code can be represented by the |/C| x |5| authentication 
matrix in which the rows are indexed by the keys, the columns are indexed 
by source states, and the entry in row K and column s of the matrix is e^(s). 

When Oscar performs impersonation or substitution, his goal is to have 
his bogus message m' = (s', a') accepted as authentic by Bob, thus mislead- 
ing Bob as to the state of the source. That is, if K is the secret key (the value 
of which is not known to Oscar), then Oscar is hoping that a' = e^(s' ). 

The strength of an authentication code is measured by the deception proba- 
bilities Po and Pi, which represent the probability that Oscar can deceive Bob 
by impersonation and substitution, respectively. In computing the deception 
probabilities, it is assumed that Oscar is using an optimal strategy. When Al- 
ice and Bob use an authentication code, they want P (l and Pi to be small (so 
Oscar has only a small possibility of carrying out a successful attack). They 
also want |/C | (the number of possible keys) to be small because the key must 
be stored securely by both Alice and Bob until the time that Alice sends a 
message to Bob and he authenticates it. 




11.1 Authentication Codes 259 



11.1.1 A Construction from Orthogonal Arrays 

Orthogonal arrays provide a nice way of constructing authentication codes. 
Suppose that B is an OA (m,n) on symbol set {1, ...,n}. We define S = 
{1, . . . ,m}, A = {1, . . . ,n}, and JC = { 1, . . . ,n 2 }. The rows of B are indexed 
by K, and the columns are indexed by S. For 1 < K < n 2 , the authentication 
rule ejc is defined as 

e K (s) = B(K,s) 

for 1 < s < m. In other words, the orthogonal array B is used as the authen- 
tication matrix of our code. 

Let's analyze the deception probabilities of this authentication code. In 
computing the deception probabilities, we assume that the authentication 
matrix is known to Oscar. The only information that Oscar does not know is 
the particular key (i.e., the row of the orthogonal array) that is being used by 
Alice and Bob. 

P 0 is quite simple to compute. Suppose that Oscar places any message 
m = (s, fl) into the channel. Then m is accepted as authentic if and only if 
ex(s) = a, which happens if and only if B(K,s) = a. Here K is a random row 
of the orthogonal array B, and the value of K is known by Alice and Bob but 
not by Oscar. 

Let £(s, a) = {L : B(L,s) = fl}. Then it is not difficult to see that \C{s,a)\ = 
n , and Oscar's deception will succeed if and only if K £ C(s, a). Since /C = 
n 2 , it follows that the attack succeeds with probability 

|£(s,fl)| _ 1 
|/C| ~ n 

Since this probability is independent of the message (s, a) that Oscar inserts 
into the channel, we see that Pq = 1 In for this code. 

We now turn to the analysis of Pi. Here, we suppose that Oscar sees a 
valid message m = ( s,a ), and he replaces it with a bogus message m! = 
(s', a'), where s ^ s'. If we again define C(s,a) = {L : B(L, s) = a}, then 
observation of the message m allows Oscar to conclude that K £ C{s,a). In 
other words, the number of "possible keys" is reduced from n 2 to n (however, 
we will see that this does not increase Oscar's probability of a successful 
deception). 

Now, Oscar 's deception will succeed if and only if K £ £ (s' , a'). However, 
since it is known that K £ £(s,fl), it must be the case that K £ C(s,a) fl 
£(s' , a'). Now, we use the fact that B is an OA(m,n) to observe that |£(s, fl) fl 
£(s',fl')| = 1 . Since it is known that K £ £(s, a), and the deception succeeds if 
and only if K G £(s, fl) fl £(s', fl'), the success probability of this substitution 
attack is 

|£(s, a) fl £(s',a')| 1 

|£(s,fl)| n 
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Since this probability is independent of the original message (s, a) and the 
bogus message (s', a') that Oscar inserts into the channel, we see that Pj = 
1/n. 

Summarizing, we have the following theorem. 

Theorem 11.2. Suppose there is an OA (m, n). Then there is an authentication code 
for m source states, having n authenticators and n 2 keys, in which P 0 = Pi = 1/n. 

Example 11.3. As above, suppose that Alice owns 100 shares of Acme stock. 
For 0 < i < 99, we will let source state i correspond to the order "sell i + 1 
shares"; and for 100 < i < 199, we will let source state i correspond to the 
order "buy i — 99 shares". Thus we desire a code with (at least) 200 source 
states, so we need an OA (m, n) with m > 200. 

Now suppose that Alice and Bob want a security level of 1 / 1000; i.e., they 
want a code with Pq < 1/1000 and P\ < 1/1000. This means that they will 
use an OA (m,n) with n > 1000. 

The simplest way to accommodate these requirements is to take n to be 
the smallest prime exceeding 1000, i.e., n = 1009. Then they construct an 
OA(200, 1009). This can easily be done using Theorem 6.39. To be specific, let 
S = {0, . . .,199}, A = Z 1009 , an d 1C = Z1009 x Z1009. For K = (i,j), where 
i,j € Zioo9/ the authentication rule is defined as 

eayf s) = i + sj mod 1009 

for 0 < s < 199. 

Suppose that the key is K = (427, 886). If Alice wants to buy 50 shares of 
Acme stock, then the source state is s = 149. She computes the authenticator 
to be 

a = £(427, 886) (149) = 427 + 886 x 149 mod 1009 = 262. 

Then the message she transmits to Bob is m = (149, 262). When Bob receives 
this message, he recomputes the authenticator using the authentication rule 
£(427, 886) to verify the authenticity of the message. S 

When constructing an authentication code using an OA(m,n), the param- 
eter n relates to the security of the code, while the parameter m determines 
the number of source states. Furthermore, in order for an OA('m, n) to exist, 
we have that m < n + 1 by Theorem 6.29 and Theorem 6.38. These facts must 
be taken into account when constructing an authentication code. 

Another observation about this orthogonal array code is that it is a one- 
time code: a key should be used to authenticate only one source state. This is 
seen as follows. Suppose that Alice uses the same key K to authenticate two 
different source states, s and s'. Thus she transmits two messages, (s, a) and 
(s', a'), where a = £j<(s) and a' = £k(s'). Because the authentication matrix 
B is an orthogonal array, there is a unique row of B in which a appears in 
column s and a' appears in column s'. This row, K, is the key, and it can easily 
be computed by Oscar after observation of the two messages. Once Oscar 
knows the key, he can determine the correct authenticator for any source 
state and perform successful deceptions (as long as the key is not changed). 
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11.2 Threshold Schemes 

Suppose that a bank has a vault that must be opened every day. The bank 
employs three senior tellers, but they do not want to trust any individual 
with the combination. Hence, they would like to devise a system that enables 
any two of the three senior tellers to gain access to the vault. This problem 
can be solved by means of threshold schemes. Here is an informal definition. 

Definition 11.4. Suppose that t and zv are integers such that 2 < t < zv. A perfect 
(t,zv) -threshold scheme is a method of sharing a secret value K among a finite 
set V = {Pi, . . . , P w } ofzv participants in such a zuay that any t participants can 
compute the value of K but no group oft — 1 (or fezver) participants can compute 
any information about the value of K from the information they hold collectively. 

The value of K is chosen from a specified set of secrets, denoted 1C, by 
a special player, the dealer. The dealer is denoted by D, and it is assumed 
that D V. When D wants to share the secret K among the participants 
in V, he gives each participant some partial information called a share. Each 
share is chosen from a specified share set, denoted by S. The shares should be 
distributed in a secure manner, so no participant knows the share given to 
another participant. 

At a later time, a subset of participants B C V pool their shares in an 
attempt to compute the secret K. If B > f, then they should be able to com- 
pute the value of K as a function of the shares they jointly hold; if |B| < t, 
then they should not be able to compute K. In the "bank" example described 
above, we are asking for a (2, 3)-threshold scheme. 

11.2.1 A Construction from Orthogonal Arrays 

It is easy to obtain a (f, zv ) -threshold scheme from any t-(v, zv + 1, 1)-0A. Sup- 
pose that this orthogonal array. A, is defined on symbol set X, the columns 
are labeled 1, . . . ,zv + 1, and the rows are labeled 1, . . . , v* . The scheme will 
have K. = S = X, so it accommodates v possible secrets. Associate the first 
zv columns of the array with the zv participants and the last column with the 
secret. For every K € X, define Rk = {r : A(r,zv + 1) = K } . In other words, 
Rf( is the set of rows of A having the element K in the last column. Now, 
when D wants to share the secret K £ X, he chooses a random row r £ R^. 
Then D gives the share A(j, i ) to participant P, for 1 < i < zv. 

Suppose that t participants, say P,- , . . . , P if , wish to determine the secret. 
Note that the orthogonal array A is known to all the participants in V . Let s y 
be P^s share, 1 <j<t. Because A is a t-(v, zv + 1, 1)-0A, there is a unique 
row r such that A(r, f) = sp 1 <j<t. It is a simple matter for the t given 
participants to determine r and then to compute K = A(r,zv + 1). 

To prove that the scheme is secure, we show that knowledge of any t — 1 
shares leaves the secret completely undetermined. This implies that no sub- 
set of t — 1 participants can determine anything about the value of K (except 
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that K G X, of course). Suppose that P,\ has share sj, 1 < / < t - 1. For any 
L G X, there is a unique row ri of A such that A(ji, ij) = Sj for i < < t - 1, 
and A(rL, w + 1) = L (again, this follows because A is a t-(v, w + 1, 1)-0A). In 
other words, for any possible value L of the secret, there is exactly one row 
ri e Rl such that the share Sj is given to P ijr l <j< t-1. The given subset 
of t — 1 participants has no way of knowing which of these v possible rows 
was actually used by D to compute the shares, and hence any possible value 
for the secret is consistent with the given subset of t — 1 participants holding 
the specified t — 1 shares. 

We summarize the above as follows. 

Theorem 11.5. Suppose that there exists a t-(v,w + 1, 1)-0A. Then there exists a 
perfect (t,w)-threshold scheme with |«S| = \K\ = v. 

Example 11.6. Suppose we want a perfect (2, 10)-threshold scheme with |5| = 

| AS | = 101. We can use an OA(ll, 101) to do this. Because 101 is prime. The- 
orem 6.39 can be applied. The rows of the orthogonal array are indexed by 
Zioi x Z 101 and the columns are named 0, . . . , 10. The entries in the orthog- 
onal array A are defined by the formula 

A((i,;),c) = i + jc mod 101, 

z, j G Z 10 i,0 < c < 10. Suppose we relabel column 0 as column 11 (this is the 
column of the orthogonal array that corresponds to the secret). Then, observe 
that Rk = {K} x Z 101 for 0 < K < 100. 

Suppose that D wishes to share the secret K = 55. He chooses a random 
row in R55, say (55, 17). This row determines the shares Sj, . . .,Sio to be dis- 
tributed to Pi, ... , Pm, respectively. These shares are computed as follows: 

sx = 55 + 17 x 1 mod 101 = 72 

52 = 55 + 17 x 2 mod 101 = 89 

53 = 55 + 17 x 3 mod 101 = 5 

54 = 55 + 17 x 4 mod 101 = 22 

55 = 55 + 17 x 5 mod 101 = 39 

56 = 55 + 17 x 6 mod 101 = 56 

s 7 = 55 + 17 x 7 mod 101 = 73 

ss = 55 + 17 x 8 mod 101 = 90 

S9 = 55 + 17 x 9 mod 101 = 6 

S10 = 55 + 17 x 10 mod 101 = 23. 

Now, suppose that P2 and P9 want to compute K. Their shares provide two 
equations in two unknowns, i and j (where ( i,j ) is the row of the orthogonal 
array that D used to generate the shares): 



i + 2 j = 89 mod 101 
i + 9) = 6 mod 101. 
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Subtracting the first congruence from the second, we get 

7j = 18 mod 101. 

To solve this congruence, we compute 7~ 1 mod 101 = 29. Then, 

/' = 29 x 18 mod 101 = 17. 

Having determined that j = 17, it is a simple matter to substitute back into 
the first congruence to obtain 

i = 89 - 2 x 17 mod 101 = 55. 

Then the secret is seen to be K = i = 55. I 

11.2.2 Anonymous Threshold Schemes 

A perfect (f, zc)-threshold scheme is an anonymous threshold scheme if the fol- 
lowing two properties are satisfied: 

1. the zv participants receive zv distinct shares, 

2. the secret can be computed solely as a function of t shares, without the 
knowledge of which participant holds which share. 

Observe that the threshold schemes, constructed in Theorem 11.5 from or- 
thogonal arrays, are not anonymous. 

In an anonymous scheme, the computation of the secret can be performed 
by a black box that is given f shares and does not know the identities of 
the participants holding those shares. This could allow a secret to be reused 
many times without constructing new shares. 

Resolvable (v, zv, l)-BIBDs provide a nice way to construct anonymous 
(2, w)-threshold schemes. Suppose that (X, hi) is a resolvable (v, w, 1)-BIBD. 
There are r = (v — l)/(zv — 1) parallel classes in this BIBD, which we name 
n i , . . . , n, . The scheme we construct will have K, = { 1 , . . . , r } and S = X 
(i.e., we have r possible secrets, and the share set has cardinality v). 

Suppose that D wants to share the secret K, where 1 < K < r. Then D 
chooses a random block A € n^, and he gives the zv points in A to the zv 
participants (i.e., one point is given to each of the zv participants). 

Suppose that two participants wish to determine the secret. The design 
(X, hi) and its resolution are known to all the participants in V. Let s and t be 
the shares held by any two participants. Since (X, hi) is a BIBD with A = 1, 
there is a unique block A such that {s, t} C A. Then the two participants 
can find the parallel class that contains the block A, and the secret is 
revealed as K. Note that this computation depends only on the values of the 
two shares and not on the identities of the participants holding them. Thus 
the scheme is anonymous. 

Now we show that the scheme is secure (i.e., that knowledge of any one 
share leaves the secret completely undetermined). Suppose a participant has 
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share s. For any L such that 1 < L < r, there is a unique block Ai £ n \ such 
that s £ A i (this follows from the fact that each lb / is a parallel class). Hence, 
for any possible value L of the secret, there is exactly one block Ai £ n / such 
that the share s £ A^. Any of these r possible blocks could have been used by 
D to distribute shares to the participants in V, and hence any possible value 
for the secret is consistent with any given share s £ X. 

We summarize the above as follows. 

Theorem 11.7. Suppose there is a resolvable (v, zv, 1)-BIBD. Then there exists an 
anonymous perfect (2,w)-threshold scheme with |<S| = v and \K,\ = {v — \ )/(w — 
1). ' 

Example 11.8. We will use a resolvable (15, 3, 1)-BIBD to construct an anony- 
mous perfect (2, 3) -threshold scheme with A = 15 and /C =7. We present 
an example of a resolvable (15, 3, 1)-BIBD. The BIBD has point set 

X = {a, b, c, d, e,f,g, h, i, j, k, l,m,n,o}. 

The 35 blocks are arranged into seven parallel classes, named n 4 , . . . Tly, as 
follows: 



ni 


n 2 


n 3 


n 4 


n 5 


n 6 


n 7 


abc 


ahi 


ajk 


ade 


afg 


aim 


ano 


djn 


beg 


bmo 


bln 


bhj 


bik 


bdf 


ehm 


cmn 


cef 


cij 


clo 


cdg 


chk 


fio 


dko 


dhl 


fkm 


dim 


ejo 


eil 


gkl 


ffl 


gin 


gho 


ekn 


fhn 


gjm 



Suppose that D wants to share the secret 4. He picks a random block in n 4 , 
say cij. The shares c, z, and j are given to the three participants. 

At a later time, any two of these shares can be used to reveal the secret. For 
example, given the shares c and i, we find that the unique block containing c 
and i is cij. Then we determine that the parallel class that contains this block 
is n 4 , so the secret is K = 4. B 



11.3 Group Testing Algorithms 

Suppose that a large number of blood samples need to be tested for the pres- 
ence of a rare disease. If each test is expensive, it might be more efficient 
to combine several samples before testing them. Such a scheme is called a 
group testing algorithm. Then a negative result to a test ensures that none of 
the samples are positive (assuming, for simplicity, that the tests always give 
the correct answer). On the other hand, a positive result would reveal only 
the fact that at least one of the samples in the test is positive. Further tests 
would be required to reveal which particular samples are in fact positive. 

In general, we might set up a procedure where we perform a sequence 
of group tests in which the samples used in later tests depend on the out- 
comes of earlier tests. For example, as mentioned above, if a particular test 
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T is negative, then there is no need to retest any of the samples in T. How- 
ever, in many applications of group testing, there are some practical benefits 
to a special type of group testing called nonadaptive testing. In nonadap- 
tive group testing, a predetermined set of group tests is performed. This has 
several potential advantages, three of which are as follows. 

• There is less probability of error in the testing procedure (i.e., testing the 
wrong samples) since exactly the same tests are done each time the group 
testing algorithm is carried out. 

• There is potentially less overhead, due to the fact that the tests are known 
ahead of time and can be organized in a convenient manner. 

• The tests can be performed in parallel to any desired degree. This is ex- 
tremely important if it takes a long time to set up and / or carry out an 
individual test. 

A nonadaptive group testing algorithm can be modeled or defined as a de- 
sign in a straightforward way. Let X be a set of m elements called samples, and 
let A be a set of n subsets of X called tests. We will refer to the pair (X, A) as 
an (m, «)-NAGTA. In general, the tests can be of different sizes if desired, and 
we are not assuming any kind of balance property. At this point, all we have 
is a set X and a set A of subsets of X. 

Suppose that we define A = {{x} : x € X}. Then (X, A) is a (trivial) 
(m, «z)-NAGTA. Since we want to minimize n (the number of tests), we are 
interested primarily in (m, n)-NAGTAs with n < m. 

The objective of a group testing algorithm will be to identify the subset 
IT C X of positive samples, which we call the positive subset. This will be done 
by using a test function f : 2 X — > {0, 1}, which works as follows: 



m 



1 if YnUf(D 

0 if Yn lt = 0 



for any YCX (where 2 X denotes the set of all subsets of X). Of course the 
test function / depends on If. 

The result vector of the (m , «)-NAGTA (X,A), given the positive subset 
If, will be the binary n-tuple R{U) = (/(A) : A £ A). In other words, we 
apply the test function to every test A £ A. We will say that (X, A) identifies 
the positive subset If if If is determined uniquely as a function of R(U). 
Equivalently, this can be stated as the requirement that R(U) f R(V) if U f 
V. 

Often we may begin with an a priori guarantee or assumption that | If \ < 
s, where s < m is a specified integer. We will say that (X, A) is (m, «)-NAGTA 
with threshold s if R(U) R(V) whenever If, V C X, |lf| < s, |V| < s, and 
U^V. 

Example 11.9. Suppose that X = {1,2, 3,4, 5,6} and 



A = {{1,2,3}, {1,4, 5}, {2,4,6}, {3, 5,6}}. 
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We tabulate the results of the (6,4)-NAGTA (X, A) for all possible positive 
subsets If with |lf| < 2, as follows: 



u 


R(U) 


If 


R(U) 


0 


0000 


{1/6} 


1111 


{1} 


1100 


{2,3} 


1011 


{2} 


1010 


{2,4} 


1110 


{3} 


1001 


{2,5} 


1111 


{4} 


0110 


{2,6} 


1011 


{5} 


0101 


{3,4} 


1111 


{6} 


0011 


{3,5} 


1101 


{1/2} 


1110 


{3,6} 


1011 


{1/3} 


1101 


{4,5} 


0111 


{1/4} 


1110 


{4,6} 


0111 


{1/5} 


1101 


{5,6} 


0111 



From the tabulation above, we see that (X, A) has (maximum) threshold s = 

I. The fact that s > 1 follows because the seven vectors R ( U ) , where U < 1, 

are distinct. However, for sets of cardinality two, the result vectors are not 
always different (for example, R({1, 2}) = R( { 1,4})). Thus s = 1. I 

II. 3.1 A Construction from BIBDs 

Suppose that ( Y,B ) is a (v,b, r,k, 1)-BIBD, and let (X,A) be the dual in- 
cidence structure, as defined in Section 1.3. (In other words, (X, A) is the 
design whose incidence matrix is the transpose of the incidence matrix of 

CW) 

We will use (X, A) as a (b, z>j-NAGTA. Recall from Theorem 1.17 that 
(X, A) satisfies the following properties: 

1. each sample occurs in exactly k tests, 

2. each test contains exactly r samples, 

3. every pair of distinct samples is contained in at most one test. 

We will show that (X, A) has threshold k — 1. To accomplish this, we will 
describe a simple algorithm to identify the positive subset If, given the result 
vector R(lf) and assuming that |lf| < k — 1. The algorithm depends on the 
fundamental observation we made earlier that If fl Y = 0 if /(Y) = 0. From 
this observation, it follows immediately that 

U C X\ |J A 

{AeA:f(A)=0} 

for any nonadaptive group testing algorithm and for any subset If C X. 

For a NAGTA that is the dual of a BIBD with A = 1, we will show that 

If = X\ |J A 

{AeA:f(A)=0} 
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if | L7| < k — 1. Otherwise, there exists an x (f_ LI such that 

x ^ U A- 

{AeA:f(A)= 0} 

This is equivalent to saying that x ^ U and f(A) = 1 for every A € A such 
that x £ A. 

Now, the sample x occurs in k tests, each of which must contain a sample 
in U. Property 3 ensures that no sample in U occurs in more than one test 
with x, so it must be the case that |ii| > k. This contradicts the assumption 
\U\ < k — 1, and thus we have proved the following. 

Theorem 11.10. If there exists a (v, b, r,k, 1)-BIBD, then there exists a ( b,v )- 
NAGTA ivitli threshold k — 1. 

Theorem 11.10 says that the positive set id can be identified if it has car- 
dinality at most k — 1 . What happens if j It | > k? Since 

UCX\ |J A, 

{AeA:f(A)= 0} 



it follows that 



k < \U\ < 



X\ [J A 

{AeA:f{A)= 0} 



in this case. Hence, even though we may not be able to identify U when 
| U | > k, we can always recognize when | U \ > k. 

Suppose that (X, .4) is the (b, c)-NAGTA of Theorem 11.10, where X = 
{1, and A = {Aj : 1 < j < v}. Given the result vector R(U) = 
(/(Aj), . . . ,f(A v )), the algorithm IDENTIFY will identify U if |li| < k — 1 
and report that \ U\ > k otherwise. 



Algorithm: lDENTIFY(.R(lf)) 

Id <— 0 

for i <— 1 to b 

do M[i\ 1 
for j <— 1 to v 

'iif(Aj) = 0 



do 



for i 



then for each x £ A 



do M[x\ 

1 to b 



0 



/if M[i\ = 1 
\ then U 4 - U U \i} 
if | Id | < k — 1 

then return ( U ) 

else return ("the positive subset has size at least k ") 
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We present an example to illustrate this. 

Example 11.11. A (9, 3, 1)-BIBD is presented in Example 1.4. The blocks of the 
dual incidence structure are as follows: 

A 1 = {1,4,7,10}, A 2 = {1,5,8,11}, A 3 = {1,6,9,12}, 

A 4 = {2,4,9,11}, A 5 = {2,5,7,12}, A 6 = {2,6,8,10}, 

A 7 = {3,4,8,12}, A 8 = {3,5,9,10}, A 9 = {3,6,7,11}. 

Suppose we obtain the following result vector: 

R(U) = (0,1, 0,0, 1,0, 1,1,1). 

When we execute the algorithm Identify with input R(U), we compute the 
following: 

/ M 

111111111111 
101101101 101 1 
30 110100 100 10 
4 0 01 0 1 0 0 1 0 0 0 0 
60 01010 000 0 0 0 

(Note that boxed entries are used to indicate when a "1" is changed to a "0".) 
The positive set U is thus U = {3, 5}. I 

When we use a (v,k, 1)-BIBD to construct an (m, // j-NAGTA, we get m = 
( n 2 — ri)/ ( k 2 — k). For fixed k, we have that n is 0(k^fm). 



11.4 Two-Point Sampling 

11.4.1 Monte Carlo Algorithms 

There are many problems for which no fast deterministic algorithm is known 
but that can be solved efficiently using randomized algorithms. One such 
problem is primality testing, where we are given an integer n > 2 and are 
required to answer the question "is n composite?". Primality testing is often 
done by means of a Monte Carlo algorithm. In general, Monte Carlo algo- 
rithms are used for decision problems, in which the objective is to correctly 
answer a yes-no question. 

Definition 11.12. A yes-biased Monte Carlo algorithm, A, is an algorithm for 
a decision problem that satisfies the folloiving properties: 

1. A is a randomized algorithm (i.e., it makes random choices during its execu- 
tion); 

2 . for any problem instance I, A alivays gives an answer "yes” or "no”; 
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3. if the instance I is a no-instance, then A answers "no"; 

4. if the instance I is a yes-instance, then the probability that A answers "yes" is 

at least 1 — e, where e > 0 is some fixed constant (independent of I). 

The value e is called the error probability of the algorithm A. 

Observe that, if A answers "yes", then we know that the answer is correct. 
However, if A answers "no", then there is the possibility that the answer may 
be incorrect. 

A yes-biased Monte Carlo algorithm. A, can be viewed as a two-stage 
procedure. In the first stage, a sample point x is chosen at random from a 
specified finite universe U = U(I), where, in general, If depends on the 
instance I. In the second stage, a deterministic algorithm is applied to the 
given sample point x and instance I. The deterministic algorithm computes a 
yes-no valued function /(/, x), which is taken to be the output of A. In order 
that A has error probability e, the function f should satisfy the following 
properties for all problem instances I : 

1. if I is a no-instance, then f(I,x) = 0 for all x £ U(I ); 

2. if I is a yes-instance, then 

\{x€U(I):f(I,x) = l}\>(l-e)\U(I)\. 

Example 11.13. Primality testing is a decision problem for which Monte Carlo 
algorithms are often used in practice. The question to be answered is "is n 
composite?". This means that the instance 1 is just the integer n. 

The well-known Miller-Rabin algorithm is a yes-biased Monte Carlo al- 
gorithm for primality testing in which If (I ) = {0, . . . , n — 1}. It has been 
proven that the resulting error probability of this algorithm, e, is at most 1/4. 



The main reason that Monte Carlo algorithms are so useful is that the er- 
ror probability can be made as small as desired by repeated application of 
the algorithm. Assume that A is a yes-biased Monte Carlo algorithm with 
error probability e. Suppose we are given an instance I, and we run A on I k 
times using k independent random sample points x £ 1/(1) in the k trials of 
the algorithm. If we get at least one "yes" answer, then the instance I must 
be a yes-instance. On the other hand, if I is a yes-instance, then the proba- 
bility of getting k "no" answers in k trials is at most e k , which approaches 0 
exponentially quickly as a function of k. 

This analysis is based on the assumption that the sample points used in 
the successive trials are chosen independently at random from 11(1). When 
a Monte Carlo algorithm is implemented in actual practice, however, one 
always uses a pseudo-random number generator, which is a deterministic 
algorithm that produces a sequence of sample points from If (I) given a truly 
random starting point called a "seed". This means that the analysis given 
above does not apply. In general, analysis of the error probability will depend 
on the particular pseudo-random number generator that is used. 
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11.4.2 Orthogonal Arrays and Two-Point Sampling 

Orthogonal arrays provide a convenient method of obtaining a sequence of 
pseudo-random sample points. Suppose that I is an instance, and let U = 
U(I) be the universe of sample points for the instance I as before. Suppose 
that A is an orthogonal array OA (k,n) on symbol set LI , where LI = n. Recall 
that there are n 2 rows in A. 

The method of tzvo-point sampling proceeds as follows. 

1. Let r be a random row in A. 

2. Use the A: values A(r, 1), . . ., A(r,k) as the A: sample points (note that these 
k sample points are not necessarily all distinct). 

If the rows of A are indexed by U x If, then a random row of A is specified 
by choosing two points independently at random from U. (The two points 
are not required to be distinct.) This is the reason for the term "two-point 
sampling". 

We now present an elementary combinatorial analysis of the two-point 
sampling technique that allows us to calculate a bound on the resulting error 
probability. Suppose that 1 is a yes-instance, and define 

S = {xe U : f(I,x) =1}. 

We call S the set of witnesses (note that we do not know the set S explicitly). 
We have |S| = m, where m = (1 — e)n. 

Let a, denote the number of rows of A in which there are exactly i oc- 
currences of elements from S. Call a row of the matrix a bad row if none of 
the elements in the row is a witness. Then the error probability is simply the 
probability that a randomly selected row of the orthogonal array is a bad row. 
Hence, the error probability, when we run the algorithm A using k sample 
points chosen from a random row of A, is seen to be 

err(S) = §. (11.1) 

n A 

As mentioned above, we do not know the set S explicitly, but we have an 
upper bound on | S \ . An upper bound on the error probability of two-point 
sampling can be obtained by computing 

err = max{err(S) : S C IT, |S| = m}. 

We first derive three simple equations using elementary properties of or- 
thogonal arrays. Since an OA (A, n) has n 2 rows, we have 

Y J a i = n 2 - (11-2) 

i=0 



Next, we count the number of occurrences of witnesses in A in two ways. 
There are exactly iz, rows in which there are i occurrences of witnesses. In any 
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column of A, each point occurs exactly n times so the number of occurrences 
of witnesses in a given column is nm. Since there are k columns in A, the total 
number of occurrences of witnesses in A is knm. This yields the following 
equation: 

n 

F, idj = knm. (11.3) 

i = 0 

Similarly, we can count the number of occurrences of pairs of witnesses 
occurring in the same row in two ways. In any row in which there are i occur- 
rences of witnesses, there will be i(i — 1) occurrences of pairs of witnesses. 
On the other hand, if we look at any two columns of A, the number of occur- 
rences of pairs of witnesses in the same row is m 2 . (This is because any par- 
ticular pair of witnesses occurs exactly once in any given pair of columns.) 
Two columns can be selected in k(k — 1) ways, and so the total number of 
occurrences is k(k — 1 jin 2 . This yields the following equation: 

y, i(i — l)g,- = k(k — 1 )m 2 . (11-4) 

1=0 

Let z be any real number. Then we have 

0 < y(i-z) 2 fl/ 

i '= 1 

= y (z 2 — 2 zi + z 2 )di 
i = l 

n n n 

= y / 2 «; — 2z y iaj + z 2 y a, 

j=i ?=i !=i 

n 

= k(k — l)m 2 + knm — 2 zknm + z 2 y 

i=i 



from equations (11.2), (11.3), and (11.4). It follows that 
dh Iknmz — knm — k(k — \)m 2 

E«»- ^ ^ — — 

i=i ^ 



(11.5) 



Elementary calculus shows that the right-hand side of (11.5) is maximized 
when we choose 

n + (k — 1 )m 

z = ^ . 

n 



Hence, we get 



n 



L a i ^ 

i=i 



kmn 2 

n + (k — l)m' 



Now, from (11.2) and (11.6), we have 



( 11 . 6 ) 
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9 kmn 2 
Uq <n — 



n + {k— l)m 

Finally, we get the following bound on the error probability from (11.1): 

km 



err(S) < 1 - 

Since m — n(l — e), we have that 
err(S) < 



n + (k— \)m ' 



l + (fc-l)(l-e)- 



(11.7) 



Because (11.7) is true for any set S C U of cardinality m, we have the follow- 
ing theorem. 

Theorem 11.14. If err denotes the error probability of the two-point sampling tech- 
nique for a universe U of size n, using as sample points the k elements in a random 
row of an orthogonal array OA (k,n), then 



e 

err < 

- l + (fc — 1)(1 — e) 



( 11 . 8 ) 



Note that this bound on the error probability approaches 0 only linearly 
quickly as a function of k. 

We give a small, toy example, which actually meets the bound proved in 
Theorem 11.14. 



Example 11.15. The following is an OA(3,4) . 



0 


0 


2 


0 


1 


3 


0 


2 


0 


0 


3 


1 


1 


0 


3 


T 


1 


2 


l 


2 


1 


T 


3 


0 


2 


0 


0 


2 


1 


1 


2 


2 


2 


2 


3 


3 


3 


0 


1 


3 


1 


0 


3 


2 


3 


3 


3 


2 
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If the set of witnesses for the universe U = {0,l,2,3}isS = {0,1}, then 
n = 4 and e = 1/2. It is easy to check that uq = 4 and «2 = 12 for the OA(3,4) 
presented above, and hence 



err(S) 



4 _ 1 
16 A' 



On the other hand, since k = 3, we have 



£ 1 

l + (Jfc-l)(l-e) = 4' 



so the bound (11.8) is met with equality. 



I 



11.5 Notes and References 

Some interesting surveys on the applications of combinatorial designs to 
computer science include Colbourn and van Oorschot [33], Stinson [105], 
Gopalakrishnan and Stinson [49], and Colbourn, Dinitz, and Stinson [30]. 

Authentication codes were invented by Gilbert, MacWilliams, and Sloane 
[48]. They have been extensively studied in cryptography; Simmons [95] is 
a good survey. Combinatorial aspects of authentication codes are considered 
in various papers, such as Stinson [103]. 

The idea of threshold schemes is due to Blakley [12] and Shamir [93]. Con- 
nections between orthogonal arrays and threshold schemes are discussed in 
Dawson, Mahmoodian, and Rahilly [37], Theorem 11.7 is from Stinson and 
Vanstone [106], where the idea of anonymous schemes is introduced. 

Much information about group testing can be found in the book "Combi- 
natorial Group Testing and Its Applications" by Du and Hwang [43]. Theo- 
rem 11.10 can be derived as a consequence of [43, Corollary 7.4.4]. 

Two-point sampling was invented by Chor and Goldreich [21]. Section 
11.4 is based on Gopalakrishnan and Stinson [51]. For a brief discussion of 
the applications of combinatorial designs to derandomization, see Gopala- 
krishnan and Stinson [50]. 



11.6 Exercises 

11.1 Suppose that (5, A, JC, £) is an authentication code in which S = 
{0, ...,8}, A = Zn, and 1C = Zn x Z^. For K = ( i,j ), where 
i,j £ Z ] | , the authentication rule ep p is defined as 

e (/,/)( s ) = + s j m °d ii 

for 0 < s < 8. 

(a) Suppose that Oscar observes the message (5,4) in the channel. 
Determine the set of possible keys being used by Alice and Bob. 
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(b) Suppose Oscar substitutes the message (4, 1). If this message is 
accepted by Bob, what must the key be? 

11.2 We investigate a slightly modified model for authentication in this 
question. Suppose we have a four-tuple {S,M.,1C,£), where the fol- 
lowing conditions are satisfied. 

1. S is a finite set of source states. 

2. M is a finite set of messages. 

3. 1C is a finite set of keys. 

4. For each K £ K,, there is an encoding rule e k € £, where e K : S —> A 

is an injective function. 

Bob will accept a message m £ M as authentic if there exists s £ S 
such that ez(s) = m (note that there exists at most one such s (given m) 
because the encoding rules are injective). 

Let (X,A) be a (v,b,r,k,X)-B\BD. Defined = {1, ...,k},M = X, 
and /C = A. For every block A £ A, define an encoding rule e& so that 

{c,i(s) : s £ = A. 

(There are k\ possible ways to define each encoding rule e so that this 
condition is satisfied.) 

Prove that this authentication code has Pq = k/v and P\ = (k 

l)/(z; — 1 ). 

11.3 A 3-(17,6, 1)-0A can be used to construct a perfect (3, 5 (-threshold 
scheme. The entries in the orthogonal array are defined by the formula 

A((io,h,i 2 ),c) = i 0 + i\c + i 2 c 2 mod 17, 
where (z'o, z'i, h) £ (Z 17 ) 3 and 1 < c < 5. The secret is 
K = A((z'o, z‘i,z‘ 2 ), 0 ) = z'o, 

and the shares for Pj, . . .,P 5 are A((z' 0 ,z'i, i 2 ), 1 ), . . . , A((z' 0 , z'i, z' 2 ), 5 ), re- 
spectively. 

Suppose that the shares given to Pi, P 3 , and P 5 are 8 , 10, and 11, 
respectively. Determine the secret. 

11.4 Generalizing Exercise 11.3, we can use orthogonal arrays based on 
Corollary 10.7 to construct threshold schemes. The resulting threshold 
schemes are known as Shamir threshold schemes. Here is how a Shamir 
( t , zcj-threshold scheme is constructed over Ap, where p is a prime. 

1. D chooses w distinct, nonzero elements of Z p , denoted x,, 1 < i < w 

(this is where we require p > zv + 1). For 1 < i < w, D gives the 
value Xj to P, . The values x, are public. 

2. Suppose D wants to share a key K £ Z p . D secretly chooses (inde- 

pendently at random) t — 1 elements of Z p , which are denoted 
«1, • • • / ZZf — 1 • 

3. For 1 < i <zv,D computes y,- = zz(x ; ), where 

t-i 

a(x) = K + djX ! mod p. 

i= 1 
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4. For 1 < i < zv, D gives the share y, to P ( . 

In summary, the dealer constructs a random polynomial a(x) of de- 
gree at most f — 1 in which the constant term is the key, K. Every par- 
ticipant Pj obtains a point (xy, y,j on this polynomial. 

Suppose that participants P ( | , . . . , P, ( want to determine K. They 
know that y\. = a(xj.), 1 < j <t, where a(x) G Z f ,[x] is the (secret) 
polynomial chosen by D. K can be determined by first computing 

/(*) = £*, n ^ (11-9) 

j= 1 1 <k<t,k^j l j Xl k 

and then setting K = /( 0). 

Remark: Equation (11.9) is known as the Lagrange Interpolation For- 
mula. 

(a) Prove that f(Xj ) = y,\ for 1 <j<t. 

(b) Prove that the polynomial f(x) = a(x). 

Hint: The polynomial f(x) - a(x) has at least t roots. 

(c) Prove that K = /( 0). 

.5 (a) Suppose that the following are the nine shares in a Shamir ( 6 , 9)- 

threshold scheme (as described in Exercise 11.3) implemented in 
Z 1993 : 

i Xj it: 

1 1 187 

2 2 1547 

3 3 498 

4 4 1407 

5 5 1564 

6 6 1176 

7 7 795 

8 8 185 

9 9 603 

Exactly one of these shares is defective (i.e., incorrect). Your task 
is to determine which share is defective and then figure out 
its correct value as well as the value of the secret. The "prim- 
itive operations" in your algorithm are polynomial interpola- 
tions (using (11.9)) and polynomial evaluations. Try to minimize 
the number of polynomial interpolations you perform. 

Hint: The question can be solved using at most three polynomial 
interpolations. 

(b) Suppose that a Shamir (f, zf)-threshold scheme has exactly one 
defective share, and suppose that zv > 2 1. Describe how it is 
possible to determine which share is defective using only two 
polynomial interpolations. 

(c) More generally, suppose that a Shamir (f, zf)-threshold scheme 
has exactly r defective shares, and suppose that t > (r + l)zv. 
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Describe how it is possible to determine which shares are defec- 
tive using only r + 1 polynomial interpolations. 

11.6 Suppose an affine plane of order 7 is used to set up an anonymous 
(2,7) threshold scheme with |/C| = 8 and <S = 49. The affine plane 
(X, ^4) can be constructed in the usual way as follows. X = Z 7 x Z 7 . 
For any a, b G Z 7 , define a block 

A a ,b = {(x, y) G X : y = ax + b mod 7}. 

For any c G Z 7 , define 

Aoo,c = {(c,y) : c G Z 7 }. 

Then, define 

A = {A a>b : a,b G Z 7 } U { A cc /C : c G Z 7 }. 

(a) Suppose that the secret is K = 5. Compute the shares to be dis- 
tributed to the seven participants if the block A5 3 is chosen by 
the dealer. 

(b) Compute the secret if two of the shares are (3, 5) and (6, 2). 

11.7 Suppose that (X,A) is a design with m points and n blocks, and let 
M = (irij'j) be its incidence matrix. Let the rows of M be labeled by 
the elements in the set R, and let the columns of M be labeled by the 
elements in the set C. M is said to be s-disjunct provided that for every 
row r G R and for all sets of rows {ri, . . . , r s } C R\{r}, there exists a 
column c G C such that m r/C = 1 and m ri/C = ■ ■ ■ = m rs/C = 0. 

(a) Prove that (X, A) is an (m, n)-NAGTA with threshold s if the in- 
cidence matrix M is s-disjunct. 

(b) Suppose that a (binary) (n,m,d, 2)-code has constant weight zv. 
Prove that the m x n matrix whose rows are the in codewords is 
s-disjunct provided that s(w — d/2) < zv. 

11.8 The blocks of the dual incidence structure of a (9, 3, 1)-BIBD are as fol- 
lows: 

= {1,4,7,10}, Ai = {1,5,8,11}, A 3 = {1,6,9,12}, 

A 4 = {2,4,9,11}, A 5 = {2,5,7,12}, A 6 = {2,6,8,10}, 

A 7 = {3,4,8,12}, A 8 = {3,5,9,10}, A 9 = {3,6,7,11}. 

Suppose that these blocks are used as tests in a nonadaptive group 
testing algorithm and the result vector is 

R(U) = (1,0, 1,1,0, 0, 1,1,0). 

Identify the positive set If, if possible. Show all your work. 

11.9 Prove that equality occurs in Theorem 11.14 if and only if there exists 
an OA (k,n) and a subset S of m = (1 — e)n symbols such that every 
row of this orthogonal array either contains 0 or z symbols from S, 
where z = 1 + (k — 1)(1 — e). 

11.10 Let p > 3 be a prime, and suppose we construct an OA(3, p), say A, 
by the method described in Theorem 6.39. To be specific, let ti \ , « 2 , 
be three distinct elements of Z p . Then define the entry in row ( i,j ) and 
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column c to be A((i,j),c) = i + ja c mod p for all i,j g X p , c = 1,2,3. 
For such an orthogonal array, and for m = 1, 2, 3, determine the exact 
value of 



max{err(S) : S C Z p , |S| = m}. 




A 



Small Symmetric BIBDs and Abelian Difference 
Sets 



We provide a summary of known existence and nonexistence results for 
"small" symmetric BIBDs and Abelian difference sets. In Table A.l, we list 
all parameter triples (v,k, A) in which \(v — 1) = k(k — 1), v/2 > k > 3, 
and 3 < k < 15 (if k > v/2, then apply block complementation, which was 
presented as Theorem 1.32, and/or Exercise 3.1). 

We use the following abbreviations in Table A.l. 

• "Singer" denotes a Singer difference set (Theorem 3.28). 

• "QR" denotes a quadratic residue difference set (Theorem 3.21). 

• “H" denotes a (4m — 1,2 m — 1, m — 1)-BIBD constructed from a Hadamard 
matrix of order 4 m via Theorem 4.5. 

• "PG,/h/j" denotes a projective geometry (Theorem 2.14). 

• "BRC" denotes the Bruck-Ryser-Chowla Theorems (Theorems 2.16 and 
2.19). 

• "MT" denotes the Multiplier Theorem (Theorem 3.33). 

For existence of certain symmetric BIBDs and for the nonexistence of cer- 
tain difference sets, we refer to external sources. Note also that existence of 
a difference set implies the existence of the corresponding symmetric BIBD, 
and nonexistence of a symmetric BIBD implies nonexistence of a difference 
set with the same parameters in any (Abelian or non- Abelian) group. 




k v A 


SBIBD 


notes 


difference set notes 


3 7 1 


yes 


PG 2 (2) 


yes 


Singer 


4 13 1 


yes 


PG 2 (3) 


yes 


Singer 


5 21 1 


yes 


PG 2 (4) 


yes 


Singer 


5 11 2 


yes 


H 


yes 


QR 


6 31 1 


yes 


PG 2 (5) 


yes 


Singer 


6 16 2 


yes 




yes 


Example 3.4 


7 43 1 


no 


BRC 


no 




7 22 2 


no 


BRC 


no 




7 15 3 


yes 


PG 3 (2),H 


yes 


Singer 


8 57 1 


yes 


PG 2 (7) 


yes 


Singer 


8 29 2 


no 


BRC 


no 




9 73 1 


yes 


PG 2 (8) 


yes 


Singer 


9 37 2 


yes 




yes 


Example 3.24 


9 25 3 


yes 


[113, Table 5.25] 


no 


[10, Table A.3.1] 


9 19 4 


yes 


H 


yes 


QR 


10 91 1 


yes 


PG 2 (9) 


yes 


Singer 


10 46 2 


no 


BRC 


no 




10 31 3 


yes 




no 


MT ,p = 7 


11 111 1 


no 


[74] 


no 


MT, p = 2, 5 


11 56 2 


yes 


[113, Table 5.25] 


no 


[10, Table A.3.1] 


11 23 5 


yes 


H 


yes 


QR 


12 133 1 


yes 


PG 2 (11) 


yes 


Singer 


12 67 2 


no 


BRC 


no 




12 45 3 


yes 




yes 


Example 3.5 


12 34 4 


no 


BRC 


no 




13 157 1 unknown 




no 


Example 3.38 


13 79 2 


yes 


[113, Table 5.25] 


no 


MT, p = 11 


13 53 3 


no 


BRC 


no 




13 40 4 


yes 


PG 3 (3) 


yes 


Singer 


13 27 6 


yes 


H 


yes 


QR 


14 183 1 


yes 


PG 2 (13) 


yes 


Singer 


14 92 2 


no 


BRC 


no 




15 211 1 


no 


BRC 


no 




15 106 2 


no 


BRC 


no 




15 71 3 


yes 


[113, Table 5.25] 


no 


[10, Table A.3.1] 


15 43 5 


no 


BRC 


no 




15 36 6 


yes 




yes 


Example 3.6 


15 31 7 


yes 


PG 5 (2),H 


yes 


Singer, QR 



Table A.l. Small Symmetric BIBDs and Abelian Difference Sets 




B 



Finite Fields 



In this appendix, we give a brief summary of basic facts concerning finite 
fields. We provide definitions of the main concepts, several illustrative ex- 
amples, and statements of some important theorems, but no proofs. A reader 
wanting to study finite fields in more detail can consult a suitable algebra 
textbook. 

Definition B.l. A finite field is a triple (X, x, +) such that X is a finite set with 
|X| >2 and "x" and "+" are binary operations on X such that the following 
conditions are satisfied: 

1. addition is closed; i.e.,for any a,b £ X, a + b £ X; 

2. addition is commutative; i.e.,for any a,b £ X, a + b = b + a; 

3. addition is associative; i.e.,for any a, b, c £ X, {a + b) + c = a + (b + c ); 

4. 0 is an additive identity; i.e.,for any a £ X, a + 0 = 0 + a = a; 

5. for any a £ X, there exists an additive inverse of a, denoted — a , such that 
a + (— a ) = (—a) + a = 0; 

6. multiplication is closed; i.e.,for any a,b £ X, a x b £ X; 

7. multiplication is commutative; i.e.,for any a,b £ X, a x b = b x a; 

8. multiplication is associative; i.e.Jor any a,b,c £ X, (a x b) x c = a x (b x c); 

9. 1 is a multiplicative identity; i.e.,for any a £ X, axl = lxa = a; 

10. for any a £ X\{0}, there exists a multiplicative inverse of a, denoted a~ l , 
such that a x a -1 = a -1 x a = 1; 

11. the distributive property is satisfied; i.e., for any a,b,c £ X, (a + b) x c = 
(a x c) + (b x c), and a x (b + c) = (a x b) + (a x c). 

The order of the finite field (X, x, +) is the integer |X|. 

Suppose that (X, x, +) is a finite field. Properties 1-5 establish that (X, +) 
is an Abelian group, and properties 6-10 show that (X\{0}, x ) is an Abelian 
group. 

Here are some familiar examples of fields. 

Example B.2. (1R, x, +) and (Q, x, +) are both (infinite) fields. i 
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Example B.3. If p is prime, then every nonzero element of Zp has a multiplica- 
tive inverse, and (. Zp , x, +) is a finite field of order p. 1 

A finite ring is a triple (X, x,+) that satisfies every property of a finite 
field except for property 10. 

Example B. 4. If m > 2 is an integer, then (Z m , x,+) is a finite ring. If m is 
composite, then it is easy to see that (Z„„ x , +) is not a field as follows. Sup- 
pose that d is a divisor of m, where 1 < d < n. Then d does not have a 
multiplicative inverse modulo m, so property 10 is violated. I 

There exist finite fields that are not of prime order. In fact, there is a finite 
field with q elements whenever q = p n , p is prime, and n > 1 is an integer. 
We will now describe very briefly how to construct such a field when n > 1 . 
First, we need several definitions. 

Definition B.5. Suppose p is prime. Define Z p [x\ to be the set of ait polynomials in 
the indeterminate x in which the coefficients are elements of Z p . ( (Zp [x], x , +) is a 
ring, where multiplication and addition of polynomials are defined in the usual way 
except that all coefficients are reduced modulo p.) 

1. For f(x),g(x) £ Zp[x\, we say that f(x) divides g(x) (notation: f (x) \ g(x)) 
if there exists q(x) £ Zp[x] such that 

g(x) = q(x)f(x). 

2. For f(x) £ Zp[x], define deg (/), the degree off, to be the highest exponent in 
a term of f. 

3. Suppose f(x),g(x),h(x) £ Z p [x],and deg (/) = n > 1. We define 

g(x) = h(x) (mod f(x)) 



if 

fix) | (g(x) -h(x)). 

Notice the resemblance of the definition of congruence of polynomials to 
that of congruence of integers. 

We are now going to define a finite ring of polynomials "modulo f(x)", 
which we denote by Z p[x]/(f(x)). The construction of Z p[x]/(f(x)) from 
Zp[x] is based on the idea of congruences modulo f(x) and is analogous to 
the construction of Z m from Z. 

Suppose deg(/) = n. If we divide g(x) by f(x), we obtain a (unique) 
quotient q(x) and remainder r(x), where 

g(x) = q(x)f(x) +r(x) 



and 



deg(r) < n. 




B Finite Fields 283 



This can be done by the usual long division of polynomials. It follows that 
any polynomial in Z \ p [x] is congruent modulo fix) to a unique polynomial 
of degree at most n — 1 . 

Now we define the elements of Z p [x] / ( f(x ) ) to be the p n polynomials in 
Z p[x\ of degree at most n — 1. Addition and multiplication in Z p[x]/ ( f(x )) 
are defined as in Z p [x], followed by a reduction modulo f(x ) . Equipped with 
these operations, Z p[x]/ ( /(x )) is a finite ring. 

Recall that Z m is a field if and only if m is prime. A similar situation holds 
for Z p[x}/ (f(x)). The analog of primality for polynomials is irreducibility, 
which we define as follows. 

Definition B.6. A polynomial /(x) £ Z p [x] is said to be an irreducible polyno- 
mial if there do not exist polynomials /i(x),/ 2 (x) £ Z p [x] such that 

f(x ) =fi(x)f 2 (x), 
where deg(/i) > 0 and deg(/ 2 ) > 0. 

Irreducible polynomials of all possible orders exist. More precisely, we 
have the following theorem. 

Theorem B.7. For any prime p and for any integer n > 1, there exists an irre- 
ducible polynomial f(x) £ Z p[x\ having degree n. 

The relevance of irreducible polynomials to the construction of finite 
fields is as follows. 

Theorem B. 8. Suppose p is prime and /(x) £ Z p[x]. Then Z p[x]/(f(x)) is a 
(finite) field if and only iff(x) is irreducible. 

Here is an example to illustrate the concepts described above. 

Example B.9. Let's construct a finite field having eight elements. This can be 
done by finding an irreducible polynomial of degree three in Zo [x] . It is suf- 
ficient to consider the polynomials having constant term equal to 1 since any 
polynomial with constant term 0 is divisible by x and hence is reducible. 
There are four such polynomials: 

fl(x) 
h(x) 
fs(x) 
fi(x) 

Now, f\ (x) is reducible because 

T 1 = (x T 1 ) (x T x T 1 ) 



= x 3 + l 
= x 3 T x T 1 
= x 3 + x 2 + 1 
= x 3 + x 2 + x + 1. 
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(remember that all coefficients are to be reduced modulo 2). Also, fa is re- 
ducible because 

x 3 -F x -F x H - 1 — (x + 1) (x + 1). 

However, fa (x) and fa (x) are both irreducible, and either one can be used to 
construct a field having eight elements. 

Let us use fa (x) , and thus construct the field Z 2 [x] / (x 3 + x + 1 ) . The eight 
field elements are the eight polynomials 0, 1, x, x + 1, x 2 , x 2 + 1, x 2 + x, and 

x 2 4~ x ~F 1 . 

To compute a product of two field elements, we multiply the two poly- 
nomials together and reduce modulo x 3 + x + 1 (i.e., divide by x 3 + x + 1 
and find the remainder polynomial). Since we are dividing by a polynomial 
of degree three, the remainder will have degree at most two and hence is an 
element of the field. 

For example, to compute (x 2 + l)(x 2 + x + 1) in Z 2 [x]/(x 3 + x + 1), we 
first compute the product in Z 2 [x], which is x 4 + x 3 + x + 1. Then we divide 
by x 3 + x + 1, obtaining the expression 

x + x 3 -F x ~F 1 = (x -Ft) (x 3 + x + 1) + x -Fx. 

Hence, in the field Z 2 [x] / (x 3 + x + 1 ) , we have that 

(x 2 + l)(x 2 + X + 1) = x 2 + X. 

Below, we present a complete multiplication table for the nonzero field ele- 
ments. To save space, we write a polynomial rt 2 x 2 + a \ x + (Iq as the ordered 
triple fl 2 fliflo- 



X 


001 


010 


Oil 


100 


101 


110 


111 


001 


001 


010 


Oil 


100 


101 


110 


111 


010 


010 


100 


110 


Oil 


001 


111 


101 


Oil 


Oil 


110 


101 


111 


100 


001 


010 


100 


100 


Oil 


111 


110 


010 


101 


001 


101 


101 


001 


100 


010 


111 


Oil 


110 


110 


110 


111 


001 


101 


Oil 


010 


100 


111 


111 


101 


010 


001 


110 


100 


Oil 



I 

We have described how to construct finite fields whose orders are primes 
or the power of a prime. There are no other orders for which finite fields 
exist. 

Theorem B.10. There exists a finite field of order q if and only ifq = p", where p is 
prime and n > 1. 

It is natural to ask if finite fields of the same order that are constructed 
from different irreducible polynomials are "different". In fact, the resulting 
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fields turn out to be isomorphic. (Two fields (X, x, +) and (Y, x, +) are iso- 
morphic finite fields if there exists a bijection f : X — > Y such that 

< p(x + x') = <p(x) + c p(x ') and < p(x x x') = <p(x) x <p(x') 

for all x, x' S X.) 

Theorem B.ll. Suppose that (X, x,+) and (Y, x,+) are finite fields of order q. 
Then these two fields are isomorphic. 

We denote the (unique) finite field of order q (where q = p", p is prime, 
and n > 1) using the notation F 1? . 

Theorem B. 12. Suppose that F 1? is a finite field. Then (F^\{0}, x) is a cyclic 
group. 

Theorem B.12 states that the nonzero elements of a finite field can be gen- 
erated as powers of a single element. Such a generator is called a primitive 
element of the finite field. 

Example B.13. The finite field Fg was constructed as Z 2 [x]/ (x 3 + x + 1) in 
Example B.9. The multiplicative group (Fg\{0}, x) has order 7. Since 7 is 
prime, it follows that any nonzero field element is a primitive element. 

For example, if we compute the powers of x, we obtain 

x 1 = x 

2 ? 

X = X 

x 3 = X + 1 

4 ? 

X = X' + X 

x 5 = x 2 + X + 1 

x 6 = x 2 + 1 

x 7 = 1 , 

which comprise all the nonzero field elements. S 

Theorem B.14. Suppose that q = p n , where p is prime and n > 1. Suppose also 
that q — 1 = 0 (mod r). Then there is a unique subgroup ( H , x) of ( F 1? \{0}, x) 
having order r. Furthermore, H = : 0 < i < r — 1}, where a. is a 

primitive element of F ? . 

Example B.15. Suppose that q = 81 = 3 4 . We can construct Fgi by first finding 
an irreducible polynomial /(x) € Z 3 [x] having degree four, /(x) = x 4 + x 3 + 
2 is one such polynomial, so we can take Fgi = Z 3 [x] / (x 4 + x 3 + 2) . In this 
field, it turns out that x is a primitive element. The multiplicative subgroup 
of order 8 is 



H = {l,x 10 ,x 20 , . . „x 70 }. 
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Writing the elements in H as polynomials of degree at most three, it can be 
shown that 

H = {±1, ±(x 3 + 2x 2 + 1), ±{x 3 + 2x 2 + 2), ±{x 3 + 2x 2 )}. 

I 

Suppose that (X, x,+) is a finite field, and let Y C X. We say that 
(Y, x, +) is a subfield of (X, x, +) provided that (Y, x, +) is itself a finite field. 

Theorem B.16. Suppose that q = p n , zvhere p is prime and n > 1. Then every 
subfield of F 1? has order p m , where m is a divisor ofn. Conversely, for every positive 
integer m dividing n, there is a unique subfield o/F p « isomorphic to F p m. 

The subfields of F^ are easily constructed. Fpm \ { 0 } is the unique sub- 
group H of Fpn\{0} having order p m — 1 (note that p m — 1 is a divisor of 
p n — 1 whenever m is a divisor of n). Then F pm = H U { 0 }. 

Example B.17. Fg is a subfield of F§i because 81 = 3 4 , 9 = 3 2 , and 2 divides 
4. F 9 consists of {0, 1, a 10 , tx 20 , . . . , a 70 }, where a is a primitive element of Fg^. 

I 

We now discuss the existence of square roots in finite fields. Let q be an 
odd prime power. Define 

QR (q) = {z 2 :z € F,j,z 7 ^ 0 } 

and 

QNR(^) = F ? \(QR(q) U {0}). 

We have the following. 

Theorem B. 18. Let q be an odd prime power. Then |QR(^)| = (q — l)/2 and 
|QNR(^) | = (q — l)/2. Furthermore, the follozving results hold. 

1. Ifx £ QR (q), then there are exactly two elements y £ F^ such thaty 2 = x, and 
these two elements sum to 0 . 

2. Ifx £ QNR(fj), then there are no elements y £ F^ such that y 2 = x. 

3. If x = 0, then there is exactly one element y £ F^ such that y 2 = x, namely 
y = 0. 

For even prime powers, the situation is completely different. 

Theorem B.19. Let q = 2”. For every x £ F, ; , there is a unique y £ F?« such that 
y 2 = x. 

Notes and References 

McEliece [81] is an excellent textbook on finite fields; Lidl and Niederreiter 
[76] is an important reference book that contains a huge amount of useful 
information on this subject. 
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